Fraud Management & Cybercrime , Ransomware
Israel's Technion University Under Ransomware AttackAttackers Demand 80 Bitcoins, Threaten to Put Data Up for Sale If Demands Not Met
A previously unknown, self-proclaimed politically motivated hacking group disrupted Israel's Technion University following a Sunday ransomware attack.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Attackers using the name "DarkBit" took credit for the attack in a Telegram post accusing Technion of serving as "the technological core of an apartheid regime."
The Jerusalem Post reported that exams at the university are postponed pending resolution of the attack. The world-renowned university's Twitter feed stated Monday morning that some systems, including email and videoconferencing, are gradually returning to normal.
DarkBit claimed the infected files are encrypted using the AES-256 algorithm.
The group demanded 80 bitcoins - approximately $1.75 million - for a decryptor key and gave a deadline of 48 hours, after which DarkBit says it will raise its extortion demand by 30%. The group threatens to post stolen data for sale after five days if it doesn't receive a ransom.
The messaging in the ransom note is highly political and takes an anti-Israel stance. DarkBit's own tweets suggest personal animus as a motivator as well: "Be more careful when you decide to fire your employees, specially the geek ones," reads on Sunday afternoon missive.
The Israel National Cyber Directorate is "in touch with the Technion to get a full picture of the situation, to assist with the incident and to study its consequences," an INCD spokesperson told The Jerusalem Post.
"The field of higher education has been a central target for cyberattackers, with the INCD identifying 53 [serious] incidents of such attacks in 2022, most of which were prevented," the spokesperson said.