Computer virus strikes library in regional network

A computer virus that locks down data and demands ransom payment infected a Rensselaer County library.

The virus hit the Stephentown Memorial Library, which is part of the Upper Hudson Library System. That system also includes libraries in Guilderland, Voorheesville, and Altamont.

No other libraries in the system were affected, said Joe Thornton, the manager of automation services for the UHLS.

The virus seems similar to the newest form of ransom virus, or ransomware, known as WannaCry, which attacked computer systems around the world and has been in the news recently. The amount demanded in the Stephentown library case, several hundred dollars, matches the WannaCry attacks. But the library network staff was not certain if the local attack was connected.

Ransomware is a piece of code that can be tailor-made and installed on any Mac, PC, phone, server, or email account to make it inaccessible to the user. Users log in, can’t access their data, and see a message demanding payment instead, said Larry Zimbler, president of Liberteks IT and Digital Services in Guilderland.

Ransomware has become popular in the last three to five years, Zimbler said. Its popularity has grown parallel to that of the electronic currency Bitcoin, he said, since ransomware only works if a hacker has some failsafe way to collect the money demanded. Ransomware was developed by the United States intelligence community, then leaked, Zimbler said.

On May 15, the Upper Hudson Library System was showing “some severe slowness,” which happens occasionally, Thornton said.

“It was a real coincidence that we found it,” he said of the virus.

The systems administrator, Rawdon Cheng, set out to determine why connections to the library’s server were slow. To do that, he could have tested the connection from any of the 29 member libraries.

Just by chance, Cheng picked Stephentown, a small library in a rural area. The library has limited hours, and not all of its computers are in use all the time. He logged onto Stephentown’s server from the UHLS’s Albany office.

He received the message saying that the data had been frozen and would be released after payment was received.

When an organization receives a ransomware demand, Zimbler said, it has two choices: pay up, or rebuild the server, which will wipe out all of the existing data. Some organizations may not know how to pay a ransom or how to rebuild a server. If they put off deciding what to do, the amount demanded might increase fivefold, Zimbler said.

Not all of the computers at Stephentown were affected, Thornton said.

There are 10 computers for library visitors to use at Stephentown, and none of those was affected, Thornton said. There are two hard-wired computers for staff use, which had no problems.

There are also four virtual machines at Stephentown. The ransomware affected them, in addition to Stephentown’s server. A virtual machine, Thornton said, looks like a computer, but is not a physical device; it is an environment that can be accessed from a computer or other device.

Luckily, the UHLS has an IT staff member who knew how to rebuild the system.

The first step, Thornton said, was making sure the virtual machines were backed up, before beginning to rebuild the server. Rebuilding the server, he said, would wipe out the data on the virtual machines.

No other UHLS servers were affected, Thornton said. It was the first time the library system had been attacked with ransomware, as far as he knew. The virus had no effect on UHLS operations, except temporarily on the staff at Stephentown, he said.

This kind of ransomware, Thornton said, is usually triggered by someone clicking on a link within an email or on a website. In this case, it would have been a member of the staff, and not the public.

The UHLS was able to wipe the server clean and restage it within a week.



The Altamont Enterprise is focused on hyper-local, high-quality journalism.