Self-described as the largest distribution firm issuing books to libraries in the world, North Carolina-based enterprise Baker & Taylor was recently hit by a ransomware attack. In business for almost two centuries now, the well-established company supplies to schools as well as libraries of both an academic and public nature across the globe.

A recent security advisory from the distributor confirmed that it was working on trying to restore its internal systems following a decisive strike involving ransomware.

Impact of a ransomware attack

Baker & Taylor stated on August 23 that its dedicated servers were experiencing significant downtime after an outage. The incident impacted many areas of the company, including its phone systems, service centres and offices. Enterprises offering services are attractive targets for ransomware gangs who use the interruptions to leverage payments from their victims. Many companies keen to resume their normal practices and provide seamless service to their customers or clients often pay ransoms, seeing such an action as a necessary evil.

On August 24, the library services provider updated its information, revealing that the disruptions suffered by its business-critical systems due to the incident would likely persist throughout the week, but that its technical teams were working around the clock to restore the impacted servers.

A statement from Baker & Taylor explained:

“As an update, the source of the disruption is a ransomware attack launched against our network over the weekend, which we have been working to remediate ever since. Cyber-attacks are an increasing threat to all companies, and unfortunately, we, like others fell victim to a hacker’s attack. Our IT team and outside experts are working nonstop to restore our systems. We want to take this opportunity to thank you again for your continued patience and cooperation as we deal with the service disruption we’ve been experiencing. We know that it has been frustrating, and we appreciate your ongoing understanding.”

Handling a ransomware attack

The library service provider has added that it will continue to provide further updates and that it is looking forward to returning to a state of normal operations as swiftly as possible. At present, no information exists on which ransomware gang was responsible for the attack. However, based on the statement from Baker & Taylor which explains that it is working to restore its data, it seems unlikely that it has any intention of conceding to the attacker’s demands.

Both the UK and US Governments advise that enterprises never pay ransoms to threat operators. Expert have explained that there are no guarantees that attackers will give decryption codes to free systems and servers and the data that they contain, but also urge firms not to pay as it encourages ransomware gangs to continue operating.

Modern ransomware gangs often don’t stop at simply encrypting company data but will exfiltrate confidential information to put pressure on companies. If they have backed up their data and refuse to pay, attackers threaten to release sensitive data on their business or customers or sell it to other cybercriminals.