Ransomware attack may have caused IT breach that shut all four Cork MTU campuses

Gardaí and the NCSC working to establish if cybercriminals were behind the Munster Technological University security breach
Cork School of Music, one of Munster Technological University's four Cork campuses which have been shut due to the cybersecurity threat. Stock picture: Denis Minihane

WED, 08 FEB, 2023 - 02:03
LIZ DUNPHY
Munster Technological University (MTU) is working with gardaí and the National Cyber Security Centre to establish if a major IT breach that led to the closure of its four Cork campuses is linked to an international ransomware attack on hundreds of organisations.

MTU’s four Cork campuses will remain closed today and an update is expected later on whether students can return to campus tomorrow as planned.

Other Irish universities are also on high alert to the potential cybersecurity threat.

MTU’s security systems detected the breach at an early stage, but the four Cork campuses — Bishopstown, National Maritime College of Ireland, Crawford College of Art & Design, and the Cork School of Music — remain closed today “to ensure robust student and staff data protection”.

Core systems such as email, finance, payroll, and HR are unaffected and most staff continue to work remotely while a safe way to return to teaching is found.

'People need to be really cognisant of the risk,' said Smarttech247 CEO Ronan Murphy, commenting on the recent international waves of ransomware attacks. File picture: Dan Linehan
An international ransomware hacking attack in recent days has targeted thousands of computer servers running an older version of the hugely popular VMware software called ESXi.

Ronan Murphy, the executive chairman of Cork-based cybersecurity firm Smarttech247, said hundreds of different strains of ransomware attacks happen daily but that more than 500 companies have been hit by an international attack on ESXi.

This attack is linked to the same Russian gang that targeted the HSE with ransomware in 2021. Mr Murphy said:

“The guys who built this attack are a spin-off of the Conti ransomware gang which hit the HSE.
“And in the US, the Department of Health warned that this ransomware is very aggressively targeting healthcare. People need to be really cognisant of the risk associated with this.”

A ransomware attack is three-pronged, explained Mr Murphy. It first threatens to block access to data, then to leak private data, and then to cultivate the hacked data.

The current international attack was difficult to detect, he said. So, akin to the 2021 attack on the HSE, the hackers had access to the system for weeks during which time they identified where the valuable data was.

Mr Murphy said: “Using the analogy of staking out a bank to rob it, they go in and identify where are all the safes — the data, the stuff that’s valuable. Then they’ll steal it. Then they’ll go to the victim and say, ‘If you want your systems up and running you need to pay us’.

One of MTU's four Cork campuses, the National Maritime College of Ireland (adjacent to the MAREI research centre) in Ringaskiddy, Cork Harbour. Picture: Eddie O'Hare
“If the victim refuses to pay, they say, ‘We’ve stolen all your data and we have your customers’ information, employees’ information, your financial information — very sensitive data — and we’ll start leaking it publicly. And we’ll also start cultivating that data and hacking the people whose data we’ve stolen. We’ll send them phishing emails, and break into their bank accounts.’

“It’s a vicious circle of attacks they initiate,” Mr Murphy said. “Data gives them more leverage.”

MTU yesterday said it is in “close contact” with gardaí and the National Cyber Security Centre.

“We are currently assessing the most appropriate solutions to allow us to return to teaching as normal and reopen our campuses,” it said.

“In the meantime, we are following all appropriate procedures and protocols to ensure the security of our systems and the wellbeing of our staff and students is maintained. Our students’ education is a top priority for us and we appreciate the patience of all students, staff, and stakeholders while we complete this vital work.”

In 2021, the HSE was hit by a ransomware attack which caused havoc with the healthcare system as it struggled to cope with a global pandemic. Although no money was paid by the State to the hackers, the incident cost millions of euros.

The University of Galway was hit by an attempted cyberattack that year but no data was stolen.