British Library staff’s passports have been leaked online as ransomware hackers demanded £600,000 for the documents, paid in the cryptocurrency Bitcoin.

Cyber ​​crime gang Raisida has claimed responsibility for the hack, which disrupted the operations of the National Library for several weeks.

The group lists the British Library as a victim on its darknet website and has published low-resolution snippets of data it says it stole.

Cybersecurity researchers told The Telegraph that the images included passport photographs and HMRC employment records. The gang has offered to auction off more information to the highest bidder, with a starting price of 20 bitcoins, worth around £600,000.

A listing on the British Library website reads: “With only seven days to go, take advantage of the opportunity to bid on exclusive, unique and impressive data. Open your wallet and get ready to buy exclusive data.”

The listing appeared on Rhysida’s website on Monday morning, demanding payment by November 27.

Brett Callow, a threat analyst at Emisoft, said the data “auction” was effectively “a continuation of the extortion effort” by the gang.

Ransomware attacks typically involve the intrusion of a victim’s computer systems by hackers who break into a company’s IT systems and issue a ransom demand to unlock them. The gang would threaten to leak the stolen data online if payment was not made.

The attack has shut down public Wi-Fi at the St Pancras site and prevented some users from ordering from the library’s 150 million-strong collection of items – Pavel Libera/Getty Images

The cyber attack on the British Library began in late October and has taken large parts of the institution’s website offline for weeks.

The disruption has forced staff at the archive’s St Pancras site to accept some payments only in cash and shut down its public Wi-Fi.

On Monday, the British Library said: “Following confirmation last week that this leak was a ransomware attack, we have learned that some data has been leaked. This appears to be the case from our internal HR files.

“We have no evidence that our users’ data has been compromised.”

The library has previously said it is working with the Metropolitan Police and the National Cyber ​​Security Center (NCSC), linked to GCHQ, to carry out forensic investigations and strengthen its IT systems.

Sir Roly Keating, Chief Executive of the British Library, said: “We are extremely grateful to our many users and partners who have shown so much patience and support as we analyze the impact of this criminal attack and identify what we need to do. ” Restore our online systems in a secure and sustainable manner.”

According to cybersecurity firm Secureworks, the Racida ransomware virus surfaced in May 2023.

The group behind it is believed to be responsible for a series of cyber attacks targeting schools and health care institutions under another name, Vice Society.

Recent victims include the Chilean military and the University of the West of Scotland.

The Vice Society was blamed for stealing passport scans from more than a dozen UK schools in a series of cyberattacks earlier this year. Some cyber security experts have said that Vice Society appears to be a Russian-speaking gang.

Last week, the NCSC warned that ransomware remains “one of the greatest threats” to the UK’s national infrastructure because of the potentially devastating effects it can have on company IT systems.

Source: uk.finance.yahoo.com