February 14, 2023, updated 21 Aug 2023 3:53pm

BlackCat behind Munster Technology University cyberattack

The university has subsequently sought out an emergency injunction to prevent the stolen data from being misused.

By Claudia Glover

A cyberattack on Munster Technology University (MTU) in Ireland was perpetrated by the ransomware gang BlackCat, which has published information allegedly stolen in the breach.

BlackCat behind the Munster Technology University attack. (Photo by cudak/Shutterstock)

The university first detected strange behaviour on its systems on 5 February, causing it to shut down for several days. Five days later, BlackCat delivered a ransom demand which MTU has, at the time of writing, refused to pay.

BlackCat behind MTU cyberattack

As a result, a dump of more than 6GB of data was released onto the dark web on Sunday. This data appears to include personally identifiable information of staff and students, including medical records and student bank account data.

However, exactly what the data includes has not been established yet, Richard Browne, head of Ireland’s National Cyber Security Centre, explained to the Irish Examiner. “Very often when this material is released, very little happens with us depending on what it is. And of course, we don’t know exactly what it is yet,” Browne said.

According to an update released by the university, the MTU secured “an interim injunction to prevent the sale, publication, possession or other use of any data that may have been illegally taken from our systems,” from the High Court of Ireland.

Such measures are unlikely to deter cybercriminals, who are already operating illegally, Brian Honan, CEO of cybersecurity company BH Consulting, explained to Irish news outlet RTE. “They’ve already broken the law, so another injunction isn’t going to deter them any further,” he said.

However, this could help to deter other criminals who are tempted to buy or use the data, Honan continued. “But it’s really in case other people either buy that information from the criminals, or come across the information in some other ways that they would be prevented from publishing the information on their own websites.”


The MTU released a further update yesterday explaining that students and staff are now returning to the campus. “The resumption of in-person teaching on campus is now successfully underway,” it reads. “We are continuing to review the incident and, in particular, the release of data on the ‘dark web’ so that we can provide any persons affected by this incident with further updates and guidance where necessary and as soon as practicable.”

BlackCat and the growing threat of Ransomware-as-a-Service

Russian gang BlackCat is a prevalent threat and a prime example of the growing threat posed by Ransomware-as-a-Service, where criminals lease out their malware to anyone willing to pay for it, a Microsoft security blog says. The gang favours the double extortion technique to coerce its victims into paying the ransom. This is where a criminal will steal information and then encrypt it, threatening to release the data onto the dark web as well as threatening to deprive the victim of access to their encrypted systems.

First observed in November 2021, BlackCat attracted attention through its use of the Rust programming language, which is uncommon in the RaaS landscape. The gang has around 250 victims, the most recent being an Indian rocket propellant manufacturer called Solar Industries.

Other high-profile victims include the Ecuadorian Army: the attack knocked the federal body’s site offline as the gang posted its details to its dark web victim blog. BlackCat also claimed to have attacked US Defence intelligence company the NJVC, posting instructions for the company online. “We strongly recommend that you contact us to discuss your situation,” the gang wrote, “otherwise the confidential data in our possession will be released in stages every 12 hours.” There was no evidence subsequently of NJVC data being released online.
