Royal ransomware claims attack on Queensland University of Technology

The Royal ransomware gang has claimed responsibility for a recent cyber attack on the Queensland University of Technology and has begun releasing data it says was stolen during the security breach.

Queensland University of Technology (QUT) has one of Australia’s largest student populations (52,672) and an operating budget of over A$1 billion.

The university focuses on science, technology, engineering and mathematics research and has received substantial government funding in recent years to support its research.

Queensland University of Technology disclosed a cyber attack on 1 January 2023, warning students and academic staff of the inevitable disruption of services resulting from a security incident.

The university shut down all IT systems to prevent the attack from spreading and is working with external experts to respond to the security incident.

“Our university staff are working around the clock to assess the situation, restore services and limit disruption to students and academic progress,” the QUT announcement read.

“Our campus will reopen on January 3, 2023, but system disruptions are expected to continue for several weeks.”

The HiQ website, ‘Digital Workplace’, ‘eStudent’ and Blackboard systems are currently unavailable, resulting in many courses and exams being rescheduled to early February.

Additionally, network drive folders, including “USB Drive”, Print Network, and VPN access using Cisco AnyConnect have been disabled until further notice.

Students currently enrolled in summer term modules may choose to withdraw without financial or academic penalty, as this interruption may not be acceptable for some.

All students and staff have been notified and a service status page has been created to report on recovery progress and service availability.

QUT students and staff have been warned to be vigilant for suspicious communication attempts and told not to attempt to interact with any university systems marked as offline on the status page.

According to the latest update from the university, there is no evidence that any data was compromised as a result of the cybersecurity incident.

Royal gang releases allegedly stolen data

While the university says there is no evidence of data theft, the Royal ransomware operation has begun releasing data it claims was stolen from QUT.

In a new entry on its data breach site, the ransomware group leaked HR files, email and letter correspondence, ID cards and documents, as well as financial and administrative documents, which it said accounted for 10% of the data stolen during the attack.

QUT data breach entry on Royal Ransomware website
Source: BleepingComputer

While BleepingComputer was unable to verify whether the leaked documents were stolen from QUT, they appear to be related to the university.

The Royal ransomware operation began in September 2022 and was a spin-off of the infamous Conti ransomware group, which shut down in May 2022.

The ransomware operation was originally launched under the name Zeon Group, but changed its name to “Royal Group” in September.

The group quickly attracted the attention of researchers and governments after launching multiple attacks against healthcare organizations.

Recently, the ransomware group attacked telecommunications provider Intrado, initially demanding a $60 million ransom.
