Munster Technological University ransomware attack explained

In early February 2023, Munster Technological University suffered a ransomware cyberattack which caused the cancellation of all full and part-time classes affecting the Bishopstown campus, as well as Crawford College of Art and Design, Cork School of Music and National Maritime College of Ireland in Ringaskiddy.^[1]

Background

On 7 February 2023, Munster Technological University announced that it was investigating a significant breach of the information technology and telephone systems that had occurred over the weekend. Systems such as email, HR, payroll and finance were not affected.^[2] In a later announcement the same day, they said that their Cork campuses would remain closed to protect staff and student data, but that the Kerry campuses were not affected.^[3]

On 9 February the university confirmed that it was a ransomware attack.^[4] The National Cyber Security Centre confirmed that some of their staff were working onsite at the university to assist with forensic examination of systems and recovery. HEAnet were also providing advice and support.^[5]

Impact

The ransomware attack caused all of MTU's campuses in Cork to close.^{[6] [7]}

On 11 February, the university told the High Court that they were being blackmailed by Blackcat, a Russian cybercrime group.^{[8] [9]} The university had received a ransom note threatening to sell and or publish data if the ransom was not paid by a certain deadline. The amount was described as "significant money" but not disclosed in open court.^[10]

On 12 February, it was confirmed that data from its systems had been made available on the "dark web".^{[11] [12]}

Response

The university is working with the Gardaí, the National Cyber Security Centre and the Data Protection Commissioner.^[13]

The Minister of State for Public Procurement and eGovernment – Ossian Smyth – said that the attack was similar in many ways to the 2021 cyberattack on the HSE in that it included threats to delete data and to publish data that had been copied.^[14]

Notes and References

1. News: MTU campuses to close following 'significant' IT breach . O'Donovan . Brian . 2023-02-07 . 2023-02-09 . RTÉ News.
2. News: MTU in 'close contact' with authorities over IT breach . O'Donovan . Brian . 7 February 2023 . 9 February 2023 . RTÉ News.
3. Web site: MTU closes Cork campuses due to 'significant' IT breach. Silicon Republic. Leigh. McGowran. 7 February 2023. 12 February 2023.
4. Web site: MTU confirms Cork IT breach was caused by ransomware attack. Silicon Republic. Leigh. McGowran. 9 February 2023. 12 February 2023.
5. News: MTU Cork confirms hackers have encrypted university data and demanded a ransom . Moore . Jane . . O'Connor . Niall. 9 February 2023. 9 February 2023.
6. News: MTU to resume business next Monday after crippling cyber attack. EchoLive.ie. Eoin. Kelleher. 10 February 2023. 12 February 2023.
7. News: MTU to close Cork campuses until next week following cyberattack. BreakingNews.ie. Vivienne. Clarke. 9 February 2023. 12 February 2023.
8. News: MTU being blackmailed and held to ransom, court hears. RTÉ News. 11 February 2023. 12 February 2023.
9. News: Hackers threaten to publish 'confidential' MTU data unless ransom is paid, High Court told. The Irish Times. Aodhán. Ó Faoláin. 11 February 2023. 12 February 2023.
10. News: Russian hacker group BLACKCAT demanded 'significant money' from MTU . O Faolain . Aodhan . 11 February 2023 . 12 February 2023 . TheJournal.ie.
11. News: Stolen data made available on dark web, says Munster Technological University. RTÉ News. Conor. Kane. 12 February 2023. 12 February 2023.
12. News: Data accessed in MTU cyberattack shared on 'dark web'. Irish Examiner. Niamh. Griffin. 12 February 2023. 12 February 2023.
13. News: MTU Cork confirms major IT breach caused by ransomware attack. Cork Beo. Imasha. Costa. 9 February 2023. 12 February 2023.
14. News: Teaching to resume on MTU's Cork campuses following ransomware attack. Irish Examiner. Eoin. English. 10 February 2023. 12 February 2023.