Technion Israel Institute ransomware incident

by

Israel’s Technion Institute of Technology has been subjected to a major ransomware attack by Darkbit. The ransomware threat actor has sought ransom payments. We look at the details of the ransomware incident.

Key points about the Technion Israel Institute cyber incident

  • Technion Israel Institute of Technology is one of the leading cybersecurity education centres located in Haifa, Israel.
  • Technion experienced a cyber-attack over the weekend i.e. 11th or 12th February 2023.
  • The University has confirmed the cyber attack and released a statement on 12th February.
  • The University is working on gauging the exact impact of the ransomware attack. We expect a full-scale forensics and audit trail to find the number of servers affected and the quantum of data encrypted.
  • Classes at Technion University are happening without network connectivity. No computers are being allowed to plug into the network. Students have been instructed to take notes on copies or notebooks.
  • The ransomware operator has sought 80 bitcoins or $1.7 million in ransom.
  • The ransom note suggests that Technion University has become a victim of hacktivism. Darkbit has released a statement denouncing Israel. It looks like an ideological battle being fought through the ransomware attack.
  • The website of Technion University remains offline as we write this.

The Israel National Cyber Directorate (INCD) is working closely with Technion Institute to understand the type of cyber incident to help Technion if the need be.

Ransomware attack on Technion

Technion University released the following statement:

“The Technion is under cyber attack. The scope and nature of the attack are under investigation, To carry out the process of collecting the information and handling it, we use the best experts in the field, in the Technion and outside, and coordinate with the authorities.”

Meanwhile, the Darkbit threat actor released the following statement:

“They have to pay for the occupation, the war crimes against humanity, the killing of the people (and not only the bodies of the Palestinians, but also the souls of the Israelis), and the destruction of the future and the dreams we had. They have to pay for the dismissal of very talented experts,” the letter reads.”

At this point, it looks like that ransom will not be paid. It remains unclear if the ransomware operator has encrypted any meaningful data of the Technion Institute of Technology.

It may, however, take days for teaching operations to resume in a normalized way. Until the full-scale audit of servers and data is complete, there is little chance of knowing the timeline of restoration and recovery.

How useful was this post?

Click on a star to rate it!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?

Rajesh Dhawan

Rajesh Dhawan is a technology professional who loves to blog about smart wearables, Cloud computing and Microsoft technologies. He loves to break complex problems into manageable chunks of meaningful information.