Library of Congress Thwarted Ransomware Attack Thanks to MFA Security

On October 28, 2023, the British Library in London was hit by a devastating ransomware attack that ended up causing months of disruption to the venerable institution’s services.

We’ve covered this story before, both the incident itself and the unusually frank post-incident lessons learned report published by the Library in March.

We later learned that on the same day this was happening in London, another famous national library, the Library of Congress (LOC) in Washington D.C., was also being targeted by ransomware.

However, according to internal documents obtained by Nextgov/FCW in 2024, the attack on the U.S. institution failed because the point of attack (a server or other computer) was secured with multi-factor authentication (MFA).

The report could not obtain further context for the incident, or even confirmation from the LOC that it happened, although the institution has not denied it either. We don’t even know if the same ransomware group, Rhysida, was involved in both attacks, although that seems a possibility.

Two major libraries, symbols of their respective countries’ learning and culture, but two very different results thanks to MFA, a security layer many experts now recommend as essential to protect all credentials.

What’s frustrating for the British Library is that the attackers likely got behind their defenses through a single Windows Terminal Server installed in 2020 to make remote management easier during the pandemic.

This was due to be upgraded to MFA but wasn’t before the attack, a delay that proved fateful. Whether by design or luck, the LOC avoided this fate, saving itself a huge amount of pain.

Telling the world

As anyone who manages remote access will know, it only takes one unprotected interface among dozens to let an attacker in.

MFA has some downsides – poorly implemented, it can become a time-sapping inconvenience to employees. But using it will put off all but the most determined attackers or at least slow them down so detection becomes more likely.

The story of the British Library’s failure and the LOC’s apparent success has another notable element to it – the different public responses.

Since the attack, the British Library has gone out of its way to publicly document what happened, including admitting to what could be seen as an embarrassing security failure.

(As an aside, the organization’s report [PDF] is well worth a read for anyone interested in ransomware forensics and post-incident analysis.) 

Meanwhile, the LOC has said nothing. You could reasonably argue that it has nothing to say because nothing happened. Except that, as the internal documents outline, something did happen – the LOC resisted what could have been a serious ransomware attack.

Not talking about incidents might just be an institutional preference to avoid attracting attention or sounding smug when defenses hold up. Or perhaps it’s a case of security by obscurity. The less you say about your defenses, the better.

But it’s a shame it’s not at least willing to discuss the basic details. Security isn’t just about MFA but on this occasion, it seems to have played a big part. It never hurts to remind people of this. 
