Online library app Onleihe faces problems after cyberattack on vendor

Library lending app Onleihe announced issues lending several media formats offered on the platform, such as audio, video and e-book files, after a cyberattack targeted their provider.

Onleihe is an application that allows users to connect to your local libraries and borrow e-books, e-magazines and audiobooks. The app is used by many universities in Europe as well as the international Goethe-Institut, and in Germany it accounts for around 40% of all e-book consumption.

According to the announcement, there was a system failure last week deleting files that were encrypted with copy protection.

These files will need to be re-encrypted and uploaded to the library to be available again, which is an ongoing process.

Video and audio files were affected to the point of displaying streaming errors, while e-book files affected by the incident only show the first chapter or random content samples.

Onleihe has provided a list of titles reported to be affected and advises users to remove them from their devices and re-download them.

Finally, the platform’s user forums are currently unavailable due to a technical issue of an undefined nature.

Attack against a service provider

Onleihe’s service provider EKZ suffered a cyberattack on April 18, 2022, which rendered specific systems inaccessible.

This outage impacted the sites,,,, the divibib user forum, the divibib Pentaho statistics page and catalog data, and ID-Delivery.

“Systems linked to users of the library of divibib subsidiaries with online loan (except eAudios and eVideos) and the LMSCloud as well as our messaging applications are not affected.” claimed EKZ’s announcement.

The company filed criminal charges with local law enforcement and hired third-party specialists to help with recovery while its IT team assessed available backups.

Yesterday, EKZ updated the situation, stating that most systems have been restored. However, issuing invoices and processing orders are still impacted by delays as store equipment is still offline.

LockBit 2.0 claims responsibility.

Although there was no mention of the word ransomware in EKZ’s announcement, Bleeping Computer was able to find the company listed on the LockBit ransomware data leak site.

When ransomware gangs penetrate corporate networks, they spend time stealing data to use in double extortion attacks. If a victim does not pay the ransom, this data is then leaked to the ransomware gang’s Tor data leak site.

On April 28, the LockBit gang released data allegedly stolen from EKZ, as shown below.

LockBit leaks stolen data to EKZ
Sample of data leaked by LockBit

As LockBit released 100% of the data, this indicates that EKZ will not pay the ransom and is likely restoring from backups.

Comments are closed.