German library service struggling to recover from ransomware attack
Jonathan Greig May 2, 2022

German library service struggling to recover from ransomware attack

German library service struggling to recover from ransomware attack

A popular German library service notified its users of a range of issues connected to a cyberattack targeting their service provider EKZ.

Onleihe allows users to rent and borrow e-books, electronic newspapers, magazines, audio books and music from more than 200 libraries across Germany, Austria, Switzerland, Italy, Liechtenstein, Denmark, Belgium and France.

But the platform has been facing outages since mid-April after library services provider EKZ was attacked by the Lockbit ransomware group. The Lockbit ransomware group added EKZ to its list of victims last month. 

In an FAQ released on Friday, Onleihe said its main priority will be restoring E-Audio files, after which they will move to restoring frequently borrowed titles and more.

“Due to a process error in the last week, E-Audios already encrypted with copy protection were deleted. The files of these E-Audios must now be encrypted again,” Onleihe said. 

Onleihe added that they are “making incremental progress” with restoring e-audio streaming and downloading services.

The service asked users to take a number of measures to restore the titles they have already downloaded and said e-videos were also affected by the attack.

The site’s user forum is no longer available but the statement says Web-Onleihe, Onleihe app and eReader-Onleihe are not affected by the cybersecurity incident. 

EKZ released its own statement on Thursday, noting that it is also in the process of restoring its systems. It resumed delivering equipment orders in Germany and Austria on Tuesday but asked customers to call or email them to place orders. 

The company has been working since April 18 to restore its systems, many of which were disrupted during the ransomware attack. The first statement indicated that German law enforcement was contacted. 

They were not able to say whether personal data was stolen in the attack.

The statement adds that many of the websites connected to their platform – ID-Delivery, divibib.com, the divibib user forum, ekz.de, ekz.at, ekz.fr and certain catalog data – were affected by the attack. 

Bleeping Computer noted that on Lockbit’s leak site, the ransomware group claimed to have already leaked all of the files they stole, indicating EKZ likely refused to pay a ransom. 

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.