Online Library App Onleihe Faces Issues After Cyberattack on Provider
Library lending app Onleihe announced problems lending several media formats offered on the platform, like audio, video, and e-book files, after a cyberattack targeted their vendor.
Onleihe is an app that allows users to connect to your local libraries and borrow eBooks, eMagazines, and audiobooks. The app is used by numerous universities in Europe and also the international Goethe-Institut, and in Germany, it accounts for roughly 40% of all eBook consumption.
According to the announcement, there was a system failure last week, deleting files that were encrypted with copy protection.
These files will have to be re-encrypted and uploaded onto the library to be made available again, which is a process currently ongoing.
Video and audio files have been affected to the point of displaying streaming errors, while e-book files affected by the incident only show the first chapter or random content samples.
Onleihe has provided a list of the titles that were reported to be affected and is advising users to delete them from their devices and download them again.
Finally, the user forums on the platform are not available at the moment due to a technical problem of undefined nature.
Attack on a service provider
The service provider for Onleihe, EKZ, suffered a cyberattack on April 18th, 2022, which rendered specific systems unreachable.
This outage impacted the websites ekz.de, ekz.at, ekz.fr, divibib.com, the divibib user forum, the divibib Pentaho statistics page and the catalog data, and ID-Delivery.
“The library user-related systems of the subsidiaries divibib with online lending (with the exception of eAudios and eVideos) and the LMSCloud as well as our e-mail applications are not affected.” asserted EKZ’s announcement.
The firm filed criminal charges with local law enforcement agencies and engaged third-party specialists to help with restoration while its IT team evaluated the available backups.
Yesterday, EKZ updated the situation, stating that most of the systems have been restored. However, invoice issuing and order processing are still impacted by delays, as shop equipment is still offline.
LockBit 2.0 claims responsibility.
While there’s no mention of the word ransomware in EKZ’s announcement, Bleeping Computer was able to find the firm listed on the LockBit ransomware data leak site.
When ransomware gangs breach corporate networks, they spend some time stealing data to be used in double-extortion attacks. If a victim does not pay the ransom, this data is then leaked on the ransomware gang’s Tor data leak site.
On April 28th, the LockBit gang published data allegedly stolen from EKZ, as shown below.
As LockBit has released 100% of the data, this indicates that EKZ will not pay the ransom and is likely restoring from backups.