26 community libraries in Contra Costa County compromised by a ransomware attack

MARTINEZ, Calif. (KGO) -- It may take several days to recover from a ransomware attack that has shuttered the online network linking all branches Contra Costa County Library branches and the Martinez administrative offices, the system said Friday evening.

The affected servers have been taken offline.

"We immediately took them offline to prevent them from spreading to any of our other servers," said Brooke Converse with the Contra Costa County Library.

A ransomware message was found at 6:20am on Friday in servers at the library's administrative offices in Martinez.
The attack was first found in servers at the library's administrative offices in Martinez. No Wifi or printing is available at any of the branches.

Some library services, like checking out and returning books. are now restored.

Library patrons with library accounts received emails from the county alerting them of the cyberattack.

"The library does store some information about us. That's what they say and I'm open to believing them. I'm glad that we don't store credit card information and social security numbers at the library," said Orinda resident, Gabriel Dawitt.

In the past, driver's license numbers were collected. According to the library that practice ended in 2019 when they removed that information from customer records.

In 2019 the library ended this practice and said they removed all driverss license information from their records.
Forensic analysis is being implemented at this time to figure out where this cyberattack originated.

"It's really appalling and I hope they've put new controls in place," said Orinda resident, Diane Dehlar.

Some library services, like checking out and returning books are now restored.

No Wi-Fi or printing is available at any of the branches.

"It wasn't clear if they exactly what they were after. Or if they had access to the information inside the servers. They locked them down with the ransomware and they requested a key in order to open it. There was no dollar amount attached to that key," said Brooke Converse with the Contra Costa County Library.

The library does stores names, addresses, phone numbers, email addresses and birth dates.

"I'm glad that we don't store credit card information and social security numbers at the library," said Orinda resident Gabriel Dawitt.

The library does not believe any personal information was compromised.

Detectives from the Contra Costa County Sheriff Department and District Attorney's office are investigating this ransomware attack.

Patrons with questions about impacted library services can contact Library Administration at (925) 608-7700 during regular business hours.
Copyright © 2020 KGO-TV. All Rights Reserved.