Thousands of bookstores in Europe have been affected by a ransomware attack that targeted a leading software supplier.

The ransomware attack targeted TiteLive, a French company that offers cloud-based software for book sales and inventory management. Bookstores affected by the ransomware attack included Libris, Aquarius, Malperthuis, Donner and Atheneum Boekhandels, The Record reported today. Other clients listed on the company’s website include Gallimard, Paris Libraries, SciencesPo, Furet du Nord and La Pro Cure.

The form of ransomware used in the attack that targeted the company has not been disclosed. A ransom payment was demanded and the encryption, which targeted Windows servers run by TiteLive, forced the company’s products offline.

Precisely what data may have been stolen is also not clear. Media Log, the company’s main product, deals both with book inventory and sales. According to the product’s website, Media Log includes processing online orders and shipping, cash sales and customer relationship functions such as loyalty cards and direct mail. The data stolen may have included not only personally identifiable information but also payment details.

Although the attack inconvenienced the bookstores affected, none of the stores was forced to shut down. A spokesperson for bookstore chain Libris told NOS News that the ransomware attack didn’t cause any real damage. “When people order, bookstores have to work manually,” Jan Peter Renger of Libris said. “Books can be sold in the shops, but it’s very annoying.”

A spokesperson for Athenaeum Boekhandels agreed that it can still sell books in its shops, but they cannot access their inventory.  “The portal has been hacked,” the spokesperson said, “but fortunately nothing has happened to the database. We can just sell books, the cash register works.” It’s also noted that the attack has prevented affected companies from seeing customer orders.

“While malicious cybercriminals continue to target large corporations, this attack on European bookstores proves that smaller businesses are at risk as well — no company is truly safe,” Nick Tausek, security solutions architect at low-code security automation company Swimlane, told SiliconANGLE. “In this case, the bookstores’ IT infrastructure was shut down for several days, forcing employees to track sales and inventory through less reliable and accurate methods such as Excel spreadsheets and pen and paper.”

Image: Titelive