[LIBRARYDIR] Ransomware plan?

Bem, Greg Greg.Bem at lwtech.edu
Thu Jun 16 09:19:27 PDT 2022 

I asked my colleague and friend Ryer Banta at Centralia on his perspective and received this response. I think it’s important to gauge both administrative perspective as well as other on-the-ground library workers (including faculty) (and I bolded the line below that resonated a lot with me):

After having gone through this at my campus and my library, I absolutely recommend library staff thinking through the implications and impacts of an event like this that takes out key technology.

First the library technology lead should connect with IT to better understand the likely scenarios to anticipate. There are lots of different types of exploits, but the effect and impact probably fall into a few key types. At Centralia we experienced a lengthy shut-down of all campus computer, including student labs, and all campus servers, which acted as key points of connection between users and both local and cloud services. So that seems like one big scenario to think through.

Then, I recommend involving all library staff in some sort of brainstorming and planning discussion. A technology lead can probably anticipate a great deal of impacts, both other staff will bring valuable perspective and impacts that may not be immediately apparent.

If you have locally hosted proxy service or other local sign-on tools, think carefully about how to quickly pivot and provide alternative access. Many databases have ways in the admin panel to configure some sort of generic, remote access, like a shared username and password. While not ideal, this type of alternative can help as a temporary workaround. If you have a locally hosted website, think about how you can schedule cloud backups that can be used to restore. Think through ways to improve backup of files on machines and any local network drives.

Ransomeware attacks will look different on different campuses, but at heart of my recommendation is the idea that thinking through what would be impacted as a group will come up with some good ideas of how to have workarounds in place, multiple backups automated, and other methods of not keeping all your eggs in one basket.

And FWIW, we are still experiencing issues from our attack. Months and months later. Our student computer labs are still down. Our intranet files are still unrecovered. We still don't know if files on our local networked drives will be recovered.

At our library, the biggest, most visible and painful weakpoint was our locally hosted EzProxy service. It was frustrating knowing that databases were still working, but no one could get to them because there were no on-campus computers or wifi, and remote users couldn't log in.  We also saw how this impacted direct database access as well as access via Primo. It took a good bit of work to create workarounds, then even more work once we had a fix. We made decisions on the fly about what to prioritize. So I focused on restoring workaround access to a few of our most popular database packages.

I happy to answer any questions or provide any more detail on any of this, but hopefully this helps get started.


Greg Bem, MLIS
Faculty Library Coordinator
Library Learning Commons
Lake Washington Inst. Of Technology
Pronouns: he/him/his

Contact Info
greg.bem at lwtech.edu<mailto:greg.bem at lwtech.edu%0d>
425-739-8100 xt.8898
http://www.lwtech.edu/campus-life/library

From: LIBRARYDIR <librarydir-bounces at lists.ctc.edu> On Behalf Of Jacquelyn Ray via LIBRARYDIR
Sent: Wednesday, June 15, 2022 4:12 PM
To: WACTC Library Directors <librarydir at lists.ctc.edu>
Cc: Jacquelyn Ray <jacquelyn.ray at wwcc.edu>
Subject: Re: [LIBRARYDIR] Ransomware plan?

Well, I wonder if they worder their request poorly?  (Not saying that's an IT thing to do)  🙂

Perhaps they are thinking of continuity of services and what might be impacted? For example, Centralia's quick move to LibGuides was impressive.  Services and Resources we could continue to offer would also include circulating print materials, virtual reference, etc.

All my best,
Jacquelyn

​Jacquelyn Ray, MLIS, MA | Director of Library Services, FYE & Interim Director of Continuing Education| she/her
Walla Walla Community College
Need help evenings or weekends? Try our 24/7 Ask-a-Librarian Chat Service!<https://askwa.libanswers.com/widget_chat.php?hash=d266f8c192e1c15230f3b8f764dcead2>

“Be kind whenever possible. It is always possible.” ~Dalai Lama




<https://askwa.libanswers.com/widget_chat.php?hash=d266f8c192e1c15230f3b8f764dcead2>

________________________________
From: LIBRARYDIR <librarydir-bounces at lists.ctc.edu<mailto:librarydir-bounces at lists.ctc.edu>> on behalf of Susan Schreiner via LIBRARYDIR <librarydir at lists.ctc.edu<mailto:librarydir at lists.ctc.edu>>
Sent: Wednesday, June 15, 2022 1:04 PM
To: WACTC Library Directors <librarydir at lists.ctc.edu<mailto:librarydir at lists.ctc.edu>>
Cc: Susan Schreiner <susan.schreiner at ghc.edu<mailto:susan.schreiner at ghc.edu>>
Subject: Re: [LIBRARYDIR] Ransomware plan?

CAUTION: This email did NOT originate from WWCC. Do not click links or open attachments unless you validate the sender and know the content is safe. If you are unsure, contact the Help Desk at x4357 or email helpdesk at wwcc.edu<mailto:helpdesk at wwcc.edu>

Kind of my thought too. Other than listing all service providers and having these contacts and their information maintained in an off-campus computer, and maybe doing backups that are stored off the main system, what else can we be doing for this scenario?



Susan A. Schreiner

Associate Dean for Library, eLearning, and Learning Support Services

Grays Harbor College

Aberdeen, WA 98520



From: LIBRARYDIR [mailto:librarydir-bounces at lists.ctc.edu] On Behalf Of Fuhrman, Tim via LIBRARYDIR
Sent: Wednesday, June 15, 2022 1:00 PM
To: WACTC Library Directors <librarydir at lists.ctc.edu<mailto:librarydir at lists.ctc.edu>>
Cc: Fuhrman, Tim <timf at bigbend.edu<mailto:timf at bigbend.edu>>
Subject: Re: [LIBRARYDIR] Ransomware plan?



Wouldn’t that be what we have THEM for?



______________________________________________________________

[cid:image001.jpg at 01D88161.EC7DFC40]

Tim Fuhrman

Director of Library Resources
& eLearning

Big Bend Community College

timf at bigbend.edu<mailto:timf at bigbend.edu>

509.793.2350
877.745.1212

www.bigbend.edu<http://www.bigbend.edu/>

Bonaudi Library (ATEC/1800 Building)•7662 Chanute Street NE•Moses Lake, WA 98837-3299





From: LIBRARYDIR <librarydir-bounces at lists.ctc.edu<mailto:librarydir-bounces at lists.ctc.edu>> On Behalf Of Claire Murata via LIBRARYDIR
Sent: Wednesday, June 15, 2022 12:37 PM
To: WACTC Library Directors <librarydir at lists.ctc.edu<mailto:librarydir at lists.ctc.edu>>
Cc: Claire Murata <claire.murata at edmonds.edu<mailto:claire.murata at edmonds.edu>>
Subject: [LIBRARYDIR] Ransomware plan?



CAUTION: Originated outside our network. Do not click links or open attachments unless you validate the sender.



Hi all,



I hope your spring quarter is wrapping up well for you and your students!



Does your library have a plan for what to do if there is a ransomware attack? Our IT department has told everyone to make a plan, and I thought I would start with this group. Thanks in advance for your help, and if it's easier to talk than write, I would be happy to set up a call! Take care, Claire

Claire Murata, MLIS
Associate Dean, Library and Learning Resources
20000 68th Ave. W., Lynnwood WA 98036 | edmonds.edu<http://edmonds.edu>
claire.murata at edmonds.edu<mailto:claire.murata at edmonds.edu> | (425) 640-1522

[Image removed by sender. college logo]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/55271e8b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 5850 bytes
Desc: image001.jpg
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/55271e8b/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 407 bytes
Desc: image002.jpg
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/55271e8b/attachment-0001.jpg>

More information about the LIBRARYDIR mailing list