cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

British Library warns ransomware gangs that the British state will not pay ransom

Despite facing months and months of issues following an attack on its systems, the British Library has warned ransomware groups that there is no money to be made by attacking British state institutions.

user icon Daniel Croft
Fri, 15 Mar 2024
British Library warns ransomware gangs that the British State will not pay ransom
expand image

The British Library suffered a cyber attack in October last year, leading to outages across all its locations and systems.

The incident was quickly claimed by the Rhysida ransomware gang, which listed the library’s data on the dark web and gave buyers a week to sweep in and purchase it. It claimed to have stolen 600 gigabytes of data.

“With just seven days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” the ransomware group said on its leak site.


“Open your wallets and be ready to buy exclusive data.

“We sell only to one hand, no reselling, you will be the only owner.”

A ransom was also set for the group, which it refused to pay, despite the cost of clean-up otherwise being 10 times as much.

Now, the British Library has issued a warning to ransomware groups, saying there is no point in attacking British state agencies and organisations as they won’t pay up.

“The library has not made any payment to the criminal actors responsible for the attack nor engaged with them in any way,” it said.

“Ransomware gangs contemplating future attacks such as this on publicly funded institutions should be aware that the UK’s national policy, articulated by NCSC [National Cyber Security Centre], is unambiguously clear that no such payments should be made.”

Paying a ransom payment to a threat actor itself is not illegal in the UK, but if the funds are used for terrorism, then the group may be held accountable under s15(3) and s17 of the Terrorism Act 2000.

When Rhysida realised it would not be getting paid, it dumped the data on the dark web.

Despite its proud announcement that it had no interactions with Rhysida, the British Library is still suffering the consequences of the attack, with many of its systems remaining down.

The damage to the institution’s infrastructure was significant, with hackers making it as difficult as possible for the library to recover its systems on its own.

“While we have secure copies of all our digital collections – both born-digital and digitised content, and the metadata that describes it – we have been hampered by the lack of viable infrastructure on which to restore it,” the library said.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.