[LIBRARYDIR] Ransomware plan?

Claire Murata claire.murata at edmonds.edu
Thu Jun 16 11:53:44 PDT 2022 

I really appreciate everyone weighing in! And I am knocking wood for the
collective.

*Claire Murata, MLIS*
Associate Dean, Library and Learning Resources
20000 68th Ave. W., Lynnwood WA 98036 | edmonds.edu
claire.murata at edmonds.edu | (425) 640-1522

[image: college logo]


On Thu, Jun 16, 2022 at 11:18 AM Julie Nurse via LIBRARYDIR <
librarydir at lists.ctc.edu> wrote:

> Also, I’d be happy to join a future group to discuss and prepare. Though,
> I am knocking on wood and hope-hope-hope no one ever has to experience a
> ransomware attack!
>
>
>
> Julie
>
>
>
> Julie Nurse
>
> Library Director
>
> Centralia College
>
> 360.623.8567
>
> julie.nurse at centralia.edu
>
> [image: cc new tree]
>
>
>
> *From:* LIBRARYDIR <librarydir-bounces at lists.ctc.edu> * On Behalf Of *Bem,
> Greg via LIBRARYDIR
> *Sent:* Thursday, June 16, 2022 9:19 AM
> *To:* WACTC Library Directors <librarydir at lists.ctc.edu>
> *Cc:* Bem, Greg <Greg.Bem at lwtech.edu>
> *Subject:* Re: [LIBRARYDIR] Ransomware plan?
>
>
>
> I asked my colleague and friend Ryer Banta at Centralia on his perspective
> and received this response. I think it’s important to gauge both
> administrative perspective as well as other on-the-ground library workers
> (including faculty) (and I bolded the line below that resonated a lot with
> me):
>
>
>
> After having gone through this at my campus and my library, I absolutely
> recommend library staff thinking through the implications and impacts of an
> event like this that takes out key technology.
>
>
>
> First the library technology lead should connect with IT to better
> understand the likely scenarios to anticipate. There are lots of different
> types of exploits, but the effect and impact probably fall into a few key
> types. At Centralia we experienced a lengthy shut-down of all campus
> computer, including student labs, and all campus servers, which acted as
> key points of connection between users and both local and cloud services.
> So that seems like one big scenario to think through.
>
>
>
> Then, I recommend involving all library staff in some sort of
> brainstorming and planning discussion. A technology lead can probably
> anticipate a great deal of impacts, both other staff will bring valuable
> perspective and impacts that may not be immediately apparent.
>
>
>
> If you have locally hosted proxy service or other local sign-on tools,
> think carefully about how to quickly pivot and provide alternative access.
> Many databases have ways in the admin panel to configure some sort of
> generic, remote access, like a shared username and password. While not
> ideal, this type of alternative can help as a temporary workaround. If you
> have a locally hosted website, think about how you can schedule cloud
> backups that can be used to restore. Think through ways to improve backup
> of files on machines and any local network drives.
>
>
>
> Ransomeware attacks will look different on different campuses, but at
> heart of my recommendation is the idea that thinking through what would be
> impacted as a group will come up with some good ideas of how to have
> workarounds in place, multiple backups automated, and other methods of not
> keeping all your eggs in one basket.
>
>
>
> *And FWIW, we are still experiencing issues from our attack. Months and
> months later. Our student computer labs are still down. Our intranet files
> are still unrecovered. We still don't know if files on our local networked
> drives will be recovered.*
>
>
>
> At our library, the biggest, most visible and painful weakpoint was our
> locally hosted EzProxy service. It was frustrating knowing that databases
> were still working, but no one could get to them because there were no
> on-campus computers or wifi, and remote users couldn't log in.  We also saw
> how this impacted direct database access as well as access via Primo. It
> took a good bit of work to create workarounds, then even more work once we
> had a fix. We made decisions on the fly about what to prioritize. So I
> focused on restoring workaround access to a few of our most popular
> database packages.
>
>
>
> I happy to answer any questions or provide any more detail on any of this,
> but hopefully this helps get started.
>
>
>
>
>
> *Greg Bem, MLIS*
>
> *Faculty Library Coordinator*
>
> *Library Learning Commons*
>
> *Lake Washington Inst. Of Technology*
>
> *Pronouns: he/him/his*
>
>
>
> *Contact Info*
>
> greg.bem at lwtech.edu <greg.bem at lwtech.edu%0d>
>
> 425-739-8100 xt.8898
>
> http://www.lwtech.edu/campus-life/library
>
>
>
> *From:* LIBRARYDIR <librarydir-bounces at lists.ctc.edu> * On Behalf Of *Jacquelyn
> Ray via LIBRARYDIR
> *Sent:* Wednesday, June 15, 2022 4:12 PM
> *To:* WACTC Library Directors <librarydir at lists.ctc.edu>
> *Cc:* Jacquelyn Ray <jacquelyn.ray at wwcc.edu>
> *Subject:* Re: [LIBRARYDIR] Ransomware plan?
>
>
>
> Well, I wonder if they worder their request poorly?  (Not saying that's an
> IT thing to do)  🙂
>
>
>
> Perhaps they are thinking of continuity of services and what might be
> impacted? For example, Centralia's quick move to LibGuides was impressive.
> Services and Resources we could continue to offer would also include
> circulating print materials, virtual reference, etc.
>
>
>
> All my best,
>
> Jacquelyn
>
>
>
> ​Jacquelyn Ray, MLIS, MA | Director of Library Services, FYE & Interim
> Director of Continuing Education| she/her
>
> Walla Walla Community College
> *Need help evenings or weekends? Try our **24/7 Ask-a-Librarian Chat
> Service!*
> <https://askwa.libanswers.com/widget_chat.php?hash=d266f8c192e1c15230f3b8f764dcead2>
>
>
> *“Be kind whenever possible. It is always possible.” ~Dalai Lama*
>
>
>
>
>
>
>
> <https://askwa.libanswers.com/widget_chat.php?hash=d266f8c192e1c15230f3b8f764dcead2>
>
>
> ------------------------------
>
> *From:* LIBRARYDIR <librarydir-bounces at lists.ctc.edu> on behalf of Susan
> Schreiner via LIBRARYDIR <librarydir at lists.ctc.edu>
> *Sent:* Wednesday, June 15, 2022 1:04 PM
> *To:* WACTC Library Directors <librarydir at lists.ctc.edu>
> *Cc:* Susan Schreiner <susan.schreiner at ghc.edu>
> *Subject:* Re: [LIBRARYDIR] Ransomware plan?
>
>
>
> CAUTION: This email did NOT originate from WWCC. Do not click links or
> open attachments unless you validate the sender and know the content is
> safe. If you are unsure, contact the Help Desk at x4357 or email
> helpdesk at wwcc.edu
>
> Kind of my thought too. Other than listing all service providers and
> having these contacts and their information maintained in an off-campus
> computer, and maybe doing backups that are stored off the main system, what
> else can we be doing for this scenario?
>
>
>
> Susan A. Schreiner
>
> Associate Dean for Library, eLearning, and Learning Support Services
>
> Grays Harbor College
>
> Aberdeen, WA 98520
>
>
>
> *From:* LIBRARYDIR [mailto:librarydir-bounces at lists.ctc.edu
> <librarydir-bounces at lists.ctc.edu>] *On Behalf Of *Fuhrman, Tim via
> LIBRARYDIR
> *Sent:* Wednesday, June 15, 2022 1:00 PM
> *To:* WACTC Library Directors <librarydir at lists.ctc.edu>
> *Cc:* Fuhrman, Tim <timf at bigbend.edu>
> *Subject:* Re: [LIBRARYDIR] Ransomware plan?
>
>
>
> Wouldn’t that be what we have THEM for?
>
>
>
> ______________________________________________________________
>
> *Tim Fuhrman*
>
>
> *Director of Library Resources & eLearning*
>
> *Big Bend Community College*
>
> *timf at bigbend.edu* <timf at bigbend.edu>
>
> *509.793.**2350*
> * 877.745.1212*
>
> *www.bigbend.edu* <http://www.bigbend.edu/>
>
> *Bonaudi Library (ATEC/1800 Building)•7662 Chanute Street NE•Moses Lake,
> WA 98837-3299*
>
>
>
>
>
> *From:* LIBRARYDIR <librarydir-bounces at lists.ctc.edu> *On Behalf Of *Claire
> Murata via LIBRARYDIR
> *Sent:* Wednesday, June 15, 2022 12:37 PM
> *To:* WACTC Library Directors <librarydir at lists.ctc.edu>
> *Cc:* Claire Murata <claire.murata at edmonds.edu>
> *Subject:* [LIBRARYDIR] Ransomware plan?
>
>
>
> *CAUTION:* Originated outside our network. Do not click links or open
> attachments unless you validate the sender.
>
>
>
> Hi all,
>
>
>
> I hope your spring quarter is wrapping up well for you and your students!
>
>
>
> Does your library have a plan for what to do if there is a
> ransomware attack? Our IT department has told everyone to make a plan, and
> I thought I would start with this group. Thanks in advance for your help,
> and if it's easier to talk than write, I would be happy to set up a call!
> Take care, Claire
>
> *Claire Murata, MLIS*
> Associate Dean, Library and Learning Resources
> 20000 68th Ave. W., Lynnwood WA 98036 | edmonds.edu
> claire.murata at edmonds.edu | (425) 640-1522
>
> [image: Image removed by sender. college logo]
> _______________________________________________
> LIBRARYDIR mailing list
> LIBRARYDIR at lists.ctc.edu
> http://lists.ctc.edu/mailman/listinfo/librarydir_lists.ctc.edu
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/7f1757fe/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.jpg
Type: image/jpeg
Size: 5850 bytes
Desc: not available
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/7f1757fe/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.jpg
Type: image/jpeg
Size: 407 bytes
Desc: not available
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/7f1757fe/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image003.jpg
Type: image/jpeg
Size: 3390 bytes
Desc: not available
URL: <http://lists.ctc.edu/pipermail/librarydir_lists.ctc.edu/attachments/20220616/7f1757fe/attachment-0002.jpg>

More information about the LIBRARYDIR mailing list