The Rhysida ransomware gang has claimed responsibility for the extensive cyberattack on the British Library in October of this year. The cybercriminals assert they have stolen confidential data and have already commenced auctioning it. The initial bid stands at 20 bitcoins (BTC), approximately equivalent to $745,000.

On the group’s leak site, samples of the purloined information were discovered, including passport scans and other documents believed to be official employment papers for HM Revenue and Customs (HMRC) in the United Kingdom. Rhysida asserts that the auction winner will become the sole possessor of this data, pledging that the information will not be resold. However, there are no guarantees that Rhysida has not retained copies of the data or that they won’t use it for other purposes.

British Library Cyberattack

The British Library confirmed that it experienced a major disruption in its IT systems in late October due to a cyberattack. However, the library has yet to comment on Rhysida’s claims. Since the attack, the library has faced significant challenges: electronic payments have been disabled, visitor access to Wi-Fi has been unavailable, and book ordering services have been restricted.

Even after confirming the ransomware attack, the full extent of the damage remains unclear. The library has informed the public through social media about its efforts to resolve the issue. It can be speculated that Rhysida’s statement claiming responsibility for the attack, released several weeks after the incident was confirmed, may indicate the failure of ransom negotiations.

Experts link Rhysida’s activities to other well-known hacker groups, such as Vice Society, noting similarities in their tactics, techniques, and procedures (TTPs). Rhysida is believed to operate under the model of ‘Ransomware-as-a-Service’ (RaaS) and employs double extortion methods, as in the case of the British Library, disguising their activities as regular network traffic.