Munster Technological University ransomware attack | |
Venue: | Munster Technological University |
Location: | Ireland |
Type: | Cyberattack, data breach, ransomware |
Target: | Munster Technological University |
Suspects: | Blackcat |
In early February 2023, Munster Technological University suffered a ransomware cyberattack which caused the cancellation of all full and part-time classes affecting the Bishopstown campus, as well as Crawford College of Art and Design, Cork School of Music and National Maritime College of Ireland in Ringaskiddy.[1]
On 7 February 2023, Munster Technological University announced that it was investigating a significant breach of the information technology and telephone systems that had occurred over the weekend. Systems such as email, HR, payroll and finance were not affected.[2] In a later announcement the same day, they said that their Cork campuses would remain closed to protect staff and student data, but that the Kerry campuses were not affected.[3]
On 9 February the university confirmed that it was a ransomware attack.[4] The National Cyber Security Centre confirmed that some of their staff were working onsite at the university to assist with forensic examination of systems and recovery. HEAnet were also providing advice and support.[5]
The ransomware attack caused all of MTU's campuses in Cork to close.[6] [7]
On 11 February, the university told the High Court that they were being blackmailed by Blackcat, a Russian cybercrime group.[8] [9] The university had received a ransom note threatening to sell and or publish data if the ransom was not paid by a certain deadline. The amount was described as "significant money" but not disclosed in open court.[10]
On 12 February, it was confirmed that data from its systems had been made available on the "dark web".[11] [12]
The university is working with the Gardaí, the National Cyber Security Centre and the Data Protection Commissioner.[13]
The Minister of State for Public Procurement and eGovernment – Ossian Smyth – said that the attack was similar in many ways to the 2021 cyberattack on the HSE in that it included threats to delete data and to publish data that had been copied.[14]