Munster Technological University ransomware attack

Munster Technological University ransomware attack
Date7 February 2023 (2023-02-07)
VenueMunster Technological University
LocationIreland
TypeCyberattack, data breach, ransomware
TargetMunster Technological University
Outcome
  • Closing of Cork campuses
  • Stolen data published on the dark web
SuspectsBlackcat

In early February 2023, Munster Technological University suffered a ransomware cyberattack which caused the cancellation of all full and part-time classes affecting the Bishopstown campus, as well as Crawford College of Art and Design, Cork School of Music and National Maritime College of Ireland in Ringaskiddy.[1]

Background

On 7 February 2023, Munster Technological University announced that it was investigating a significant breach of the information technology and telephone systems that had occurred over the weekend. Systems such as email, HR, payroll and finance were not affected.[2] In a later announcement the same day, they said that their Cork campuses would remain closed to protect staff and student data, but that the Kerry campuses were not affected.[3]

On 9 February the university confirmed that it was a ransomware attack.[4] The National Cyber Security Centre confirmed that some of their staff were working onsite at the university to assist with forensic examination of systems and recovery. HEAnet were also providing advice and support.[5]

Impact

The ransomware attack caused all of MTU's campuses in Cork to close.[6][7]

On 11 February, the university told the High Court that they were being blackmailed by Blackcat, a Russian cybercrime group.[8][9] The university had received a ransom note threatening to sell and or publish data if the ransom was not paid by a certain deadline. The amount was described as "significant money" but not disclosed in open court.[10]

On 12 February, it was confirmed that data from its systems had been made available on the "dark web".[11][12]

Response

The university is working with the Gardaí, the National Cyber Security Centre and the Data Protection Commissioner.[13]

The Minister of State for Public Procurement and eGovernmentOssian Smyth – said that the attack was similar in many ways to the 2021 cyberattack on the HSE in that it included threats to delete data and to publish data that had been copied.[14]

References

  1. ^ O'Donovan, Brian (7 February 2023). "MTU campuses to close following 'significant' IT breach". RTÉ News. Retrieved 9 February 2023.
  2. ^ O'Donovan, Brian (7 February 2023). "MTU in 'close contact' with authorities over IT breach". RTÉ News. Retrieved 9 February 2023.
  3. ^ McGowran, Leigh (7 February 2023). "MTU closes Cork campuses due to 'significant' IT breach". Silicon Republic. Retrieved 12 February 2023.
  4. ^ McGowran, Leigh (9 February 2023). "MTU confirms Cork IT breach was caused by ransomware attack". Silicon Republic. Retrieved 12 February 2023.
  5. ^ Moore, Jane; O'Connor, Niall (9 February 2023). "MTU Cork confirms hackers have encrypted university data and demanded a ransom". TheJournal.ie. Retrieved 9 February 2023.
  6. ^ Kelleher, Eoin (10 February 2023). "MTU to resume business next Monday after crippling cyber attack". EchoLive.ie. Retrieved 12 February 2023.
  7. ^ Clarke, Vivienne (9 February 2023). "MTU to close Cork campuses until next week following cyberattack". BreakingNews.ie. Retrieved 12 February 2023.
  8. ^ "MTU being blackmailed and held to ransom, court hears". RTÉ News. 11 February 2023. Retrieved 12 February 2023.
  9. ^ Ó Faoláin, Aodhán (11 February 2023). "Hackers threaten to publish 'confidential' MTU data unless ransom is paid, High Court told". The Irish Times. Retrieved 12 February 2023.
  10. ^ O Faolain, Aodhan (11 February 2023). "Russian hacker group BLACKCAT demanded 'significant money' from MTU". TheJournal.ie. Retrieved 12 February 2023.
  11. ^ Kane, Conor (12 February 2023). "Stolen data made available on dark web, says Munster Technological University". RTÉ News. Retrieved 12 February 2023.
  12. ^ Griffin, Niamh (12 February 2023). "Data accessed in MTU cyberattack shared on 'dark web'". Irish Examiner. Retrieved 12 February 2023.
  13. ^ Costa, Imasha (9 February 2023). "MTU Cork confirms major IT breach caused by ransomware attack". Cork Beo. Retrieved 12 February 2023.
  14. ^ English, Eoin (10 February 2023). "Teaching to resume on MTU's Cork campuses following ransomware attack". Irish Examiner. Retrieved 12 February 2023.