BlackCat Leaks Data Belonging to Irish University
Over 6-GB Dump Appears to Include Sensitive Data
The BlackCat ransomware-as-a-service group dumped more than 6 gigabytes worth of information stolen from Ireland's Munster Technological University.
The Sunday dump, which appears to include sensitive data such as staff medical diagnoses and student bank account information, came days after the Irish High Court issued a temporary injunction prohibiting ransomware attackers from leaking data, Ireland's public broadcaster RTÉ reported. The court order also mandated that the hackers hand over any confidential data in their possession to the university, according to the report.
"MTU will seek to enforce that injunction as far as possible," the university said in a Friday update. The university disclosed last Tuesday that a cyber incident had disrupted IT systems, causing it to cancel classes on its Cork campuses. By Wednesday, the school acknowledged that the incident had been ransomware (see: Irish University Confirms Ransomware Behind Campus Closures).
An Irish court order is unlikely to have much effect on the Russian-speaking gang behind BlackCat, also known as Alphv. The gang surfaced in November 2021 and appears to be a reboot of the notorious group known as BlackMatter, which was itself a rebrand of DarkSide.
Responding to the leak on Sunday, the university confirmed hackers did access personal information belonging to the university but added it is currently working with forensic analysts to determine the extent and nature of the data accessed by the hackers. The university also added that it is currently notifying victims affected by the breach.
Brian Honan, a cybersecurity consultant and the head of the nonprofit IRISS-CERT, said the injunction will certainly have no effect on BlackCat hackers.
"What the injunction does serve - it provides the university with a tool to enforce any third parties who come into possession of the stolen data to surrender the data to it and prevent it from publishing the stolen data," Honan said. "This would mean any organization looking to use the stolen data for online publications or blogs could be enforced not to do so."