Munster Technological University (MTU) has confirmed a ransom demand was embedded in the cyber attack that has closed its four Cork campuses this week.
The vice president for finance and administration at MTU, Paul Gallagher, confirmed the breach was caused by ransomware that had potentially been working through its IT systems for weeks.
It was reported earlier this week that the university was in “close contact” with gardaí, the National Cyber Security Centre, and other authorities following the “significant” IT breach.
The college is preparing for a phased reopening of the Cork campuses next week, but there are concerns the attack could be worsened by allowing access to thousands of onsite computers.
“The worst thing we can do is rush this, that could make matters worse,” Mr Gallagher said.
When asked about the size of the ransom demand, Mr Gallagher declined to comment, but he did acknowledge that a demand had been found encoded in one of the servers.
“We have not engaged, we are taking advice from the National Cyber Security Centre.
“We’re in a strong position, we can restore the system ourselves.
“The difficulty is actually getting into the system because the first thing that is attacked is your security and your network management system, and it is encrypted in those systems. So it took us some time to get those back and to understand the full extent of the attack.
“We were very lucky in that we intercepted this at an early stage, which puts us in quite a strong position actually. We have very good backup in place, so we did discover a ransom demand encoded in one of the servers, but we haven’t engaged directly at this stage at all with the ransom,” he told RTÉ radio.
Outdoor facilities at the Cork campuses are set to reopen today to facilitate pre-arranged, low-risk activities, such as sports training.
An international ransomware hacking attack has targeted thousands of computer servers running an older version of the hugely popular VMware software called ESXi.
Ronan Murphy, the executive chairman of Cork-based cybersecurity firm Smarttech247, said that hundreds of different strains of ransomware attacks happen daily but that more than 500 companies have been hit by an international attack on ESXi.
This attack is linked to the same Russian gang that targeted the HSE with ransomware in 2021.
A ransomware attack is three-pronged, explained Mr Murphy. It first threatens to block access to data, then to leak private data, and then to cultivate the hacked data.
“So we're taking advice from the National Cyber Security Centre and our security partners in relation to that. As I said, we're in quite a strong position. We're not actually dependent on getting any encryption keys. We are in a position to restore our systems ourselves.
“The worst thing that they could do is rush this. Right now we have protocols in place and we're following those through a strict methodology. The danger is that if you rush it, you make things worse. So we have our plans in place. We are working towards a phased and a managed return to campus from Monday, and our management are working through the process.”