City of Oakland, Irish and Israeli universities suffer ransomware attacks

Latest swathe of ransomware hits

The city of Oakland, California, has fallen victim to a ransomware attack, forcing the city to shut down its systems.

The City said in a statement that the attack has not impacted critical services such as 911 dispatch, fire and emergency resources, which continue to operate normally.

The City's Information Technology Department (ITD) is working in coordination with law enforcement to investigate the attack and restore impacted services. The City says it has initiated a plan to respond to the attack based on industry best practices.

The public has been informed that there may be delays.

"We are actively monitoring the situation and sending updated information as it becomes available," the statement reads.

The identity of the gang behind the attack is yet to be determined. The City has not yet disclosed any information about ransom demands or data theft from the compromised systems.

Oakland reporter Jaime Omar Yassin was the first to break the news on Twitter last week.

Last year, Yassin reported that the City's IT department was understaffed and vulnerable to ransomware attacks.

Munster Technological University data leak

Munster Technological University (MTU) in Cork, Ireland confirmed on Sunday that the data stolen in a recent cyberattack is now available on the dark web.

The university said in a statement that its technical advisers and the National Cyber Security Centre (NCSC) has informed it that specific data was accessed and copied from MTU systems during the ransomware attack and now made available on the dark web.

The NCSC has been assisting the MTU since the incident.

While the institution said it was not feasible to fully determine the exact nature of all data, including personal data affected or the identities of all people impacted by this leak, it has started informing those possibly affected.

MTU is also advising people to be wary of possible phishing attacks, providing advice on how to protect themselves from them.

The university claims it has taken precautions to safeguard its students and employees by deploying all of its resources in the investigation of the attack, with support of professional forensic experts and the NCSC.

In addition, the MTU has secured an interim order from the Irish High Court to prohibit the sharing, publication, possession, or use of unlawfully acquired material.

The forensic experts at MTU will monitor the internet for indications that the data is being shared or published. They will also collaborate with search engines, social media networks, and any other relevant digital publishers to implement the injunction and have the data deleted.

The university's Cork campuses, which were closed last week due to the cyber attack, will resume on Monday, with classes returning to their regular schedules.

Technion - Israel Institute of Technology receives ransom demand

Technion - Israel Institute of Technology, based in Haifa, has also been affected by ransomware.

"The Technion is under a cyberattack. The scope and nature of the attack are under investigation," the university said in a statement.

"To carry out the process of collecting the information and handling it, we use the best experts in the field, both within The Technion and outside, and coordinate with the relevant authorities. The Technion has proactively blocked all communication networks at this stage."

A previously unknown group called DarkBit posted a ransom demand of 80 bitcoin in return for releasing a decryptor, with a 30% penalty and a threat to release data if the university does not pay.

DarkBit's identity is unclear, but the ransom note makes reference to Israel being an "apartheid state" and also mentions skilled technicians being laid off, so the group's motives may be political or possibly revenge by disgruntled insiders.

Ransomware has emerged as one of the most costly and disruptive issues for companies worldwide in recent years.

Last year NordLocker examined 18 sectors in various countries where businesses suffer the most ransomware attacks, and found that business services suffered the highest number of ransomware attacks (10.1%), followed by education (9.7%), construction (8.9%), transportation (7.7%), manufacturing (7.3%) and public sector institutions (5.7%).

Conti and LockBit were the two most active ransomware gangs targeting the UK, claiming responsibility for 22.2% and 11.5% of attacks, respectively. They were also the most active groups worldwide.