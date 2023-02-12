Data from a college has been shared on the darkweb in a ransomware attack described as an “evolving situation,” despite a High Court injunction to block the data breach.

Students and staff were notified by Munster Technological University (MTU) earlier this evening that its data had been copied and shared on the dark web. The college has not yet described what type of data has been shared.

In a statement MTU said: “Today, Sunday 12 February, following careful and ongoing monitoring of this evolving situation, Munster Technological University (MTU) have received confirmation from our technical advisors and members of the National Cyber Security Centre, who have been assisting us in relation to this incident that certain data has been accessed and copied from MTU systems in the course of the ransomware incident and made available on the ‘darkweb’.

“The Data Protection Commission has been informed of this development. Our forensic experts are continuing to investigate this incident and will review the nature of the data compromised.

“While it is not possible at this early stage to fully ascertain the exact nature of all data (including personal data) affected or the identity of all persons affected by this release, we have already commenced the process of notifying those potentially affected of this development.”

MTU had previously revealed it was being blackmailed and held to ransom by a group of hackers, believed to be based either in Russia or part of the former Soviet Union, the High Court heard last week.

The cyber attack on MTU's IT system, detected in recent days, is believed to have been carried out by individuals in a ransomware group known as ALPHV aka BlackCat or Noberus, the court heard.

MTU had claimed those suspected of carrying out the attack are understood to be made up of former members of the 'REvil' ransomware group, which in 2022 attacked a supplier of Apple and was based in Russia.

The High Court heard that the college received a ransom notification demanding what Mr Justice Garrett Simons was told was a significant sum of money.

The college was warned if this was not received the hackers would publish confidential information the attackers claimed to have obtained from MTU's IT system about the university's staff and students. MTU told the court it would not pay any ransom.

The college this evening (Sun) advised those potentially affected to follow the advice of the National Cyber Security Centre issued, while it continued with its investigation.

Following the advice was a necessary move until the college was in a “position to provide a further specific update and guidance to affected individuals in line with our data protection obligations”.

The college has already secured an interim injunction from the High Court, in response to the incident, as an attempt to “mitigate” the data breach and to “prevent the sale, publication, sharing, possession, or any other use of any data illegally obtained from MTU systems in the course of this ransomware incident.”

MTU classes are due to take place as normal tomorrow (Mon), following a closure of services last week.

The college’s forensic advisers are scheduled to continue monitoring the internet for evidence that this “illegally removed data is being shared or published,” the statement explained.

“We will work with search engines and social media networks and any other relevant digital publisher to the extent necessary and so far as is possible to enforce the injunction and have data removed,” the college added.

“All possible affected persons should be extra vigilant in respect of potential attacks by email or SMS or other unsolicited communications. Further information and advice on how to spot and protect yourself against phishing attacks is available from the National Cyber Security Centre…

“We wish to reassure our students, staff and all other persons potentially affected by this update that we are deploying all available resources with the support of our external forensic advisers and the National Cyber Security Centre in the investigation and mitigation of this matter.”