The attack affected hundreds of bookstores in France, Belgium and The Netherlands.
The Record this week reported that a ransomware attack had targeted TiteLive, a French company. TiteLive sells cloud-based software for book sales and inventory management. Bookstores affected by the ransomware attack included Libris, Aquarius, Malperthuis, Donner and Atheneum Boekhandels, The company also serves Gallimard, Paris Libraries, SciencesPo, Furet du Nord and La Pro Cure.
So far no one has disclosed the form of ransomware used in the attack. The hackers have demanded a ransom payment and the encryption, which targeted Windows servers run by TiteLive, forced the company’s products offline.
Following the initial attack on TiteLive, the company shut down its IT infrastructure in order to prevent the ransomware from spreading.
This resulted in a days-long downtime of MediaLog, the company’s primary product, used by more than 1,000 bookstores, according to TiteLive’s website.
Media Log, TiteLive’s main product offering. Its services include processing online orders and shipping. It also handles cash sales and customer relationship functions such as loyalty cards and direct mail. The data stolen may thus have included not only personally identifiable information but also payment details.
Bookstores affected by the TiteLive incident have not shut down but have chosen to track sales and inventory movements using other methods, such as Excel spreadsheets and pen and paper, according to reports.
A spokesperson for the Dutch bookstore chain Libris told NOS News that the ransomware attack was bothersome, but not catastrophic. “Now we receive books from the printer, but we don’t know who they are for, ” said Jan Peter Renger of Libris. “When people order, bookstores have to work manually,” he said. “Books can be sold in the shops, but it’s very annoying.”
TiteLive told local news outlets on Wednesday that the entry point for the attack was a Windows-based server, and that they don’t plan to pay the ransom.
No ransomware gang has taken credit for the attack so far. There have been no posts or messages on the gang’s blogs and leak sites.