Cyberattack cripples Solano County library computer system

FAIRFIELD – A cyberattack has crippled the library computer system throughout Solano County, cutting off public internet access and the library’s internal record keeping systems so that library employees are left filling out paper slips by hand for book borrowers.

Hackers who have claimed responsibility for the attack have threatened to release data stolen from the library system unless the county pays $100,000 by the end of this week. It is unclear what data is in the hackers’ possession but it could include sensitive information about library employees.

The library system – which operates nine libraries in Dixon, Fairfield, Suisun City, Rio Vista, Vacaville and Vallejo – first alerted patrons that the library computers were down in a Facebook post on April 5. “Computer services, phone lines, and WiFi are down at all library locations,” the post said.

As of Monday, library computers remain down, with no estimate for when they’ll be restored.

In an emailed statement provided to the Vallejo Sun, Solano County Registrar of Voters chief information officer Tim Flanagan characterized the attack as “unexpected activity” in the library’s computer systems that “disrupted the operability of certain computer systems.” 

“Upon learning of the activity, we responded quickly to confirm the security of our systems and to work toward restoring full functionality as soon as possible,” he said. 

Flanagan said that the library has hired computer specialists to “investigate the source of this activity and confirm any impact on our systems,” and the investigation is ongoing. There is no evidence that the disruption has extended to other county computer systems, he said.

Flanagan did not provide an estimate for when computer systems would or could be restored.

Three sources with knowledge of the incident said that the issues stem from an apparent cyberattack that has rendered the library computer system unusable. One source said that a library printer printed a message that said, "you have been penetrated by Medusa.” 

According to a report in Cybernews, Medusa is a ransomware attack that targeted at least 119 systems nationwide last year, including three school districts in a week. 

Typically, in a ransomware attack hackers will encrypt a user’s computer system, demand a ransom to restore the system and could threaten to release sensitive data if the ransom is not paid. In one Minneapolis ransomware attack reportedly carried out by Medusa, the group leaked sensitive data reporting teacher abuse and student psychological reports.

On a dark web website apparently operated by Medusa, the group has already released some files that appear to be stolen from the Solano County library and said that it has stolen 85 GB of data that it is threatening to release if the library does not pay $100,000 by Friday. 

In a similar attack on the city of Oakland last year, hackers eventually released hundreds of gigabytes of stolen data, which included personal information of city employees, people who filed claims in the City, some city interns and job applicants, and some dependents of city employees. The breach has led to lawsuits against the city.