LAST UPDATE | 8 Feb 2023
MUNSTER TECHNOLOGICAL UNIVERSITY Cork has confirmed that hackers have encrypted data and demanded a ransom.
Tonight the college, in a statement, said that they were working closely with State agencies including gardaí, National Cyber Security Centre and the Data Protection Commissioner.
This is the second incidence of a major ransomware attack on an Irish State entity with the HSE previously suffering a similar breach.
“The incident resulted in the encryption of certain MTU systems for the purpose of demanding a ransom,” a spokesperson said.
MTU also confirmed that it was working closely with investigators and also instigated “a dual process to investigate the attack as well as the safest and most efficient recovery process”.
The statement did not explicitly say if student data was affected.
“The nature and extent of this incident, including what data may have been breached, remains under investigation. Students and staff do not need to take any action at this time and MTU will notify any affected individuals in line with our data protection obligations.
“While it is still early in this process we are following all appropriate protocols and procedures in order to minimise and mitigate any impact that this incident may have and to facilitate the restoration of our education services as a top priority.
“We wish to reassure students and staff that we are looking at all of our options as part of this dynamic and evolving situation,” the statement added.
The campus will remain closed Thursday and Friday following the “significant” IT breach and telephone outage earlier this weekend.
It comes amid suspicions that the cyber breach attack was targeted specifically over the long weekend to delay the response, with sources saying it is a “common pattern” for hackers.
Classes in Bishopstown, the National Maritime College of Ireland, the Crawford College of Art and Design and the Cork School of Music were cancelled today and yesterday after the breach, but all campuses will now remain closed until next week.
MTU’s Cork campuses will remain closed on Thursday 9th and Friday 10th of February due to the significant IT breach and telephone outage which occurred last weekend. Our campuses in Kerry remain unaffected. https://t.co/puPXZvaJst
— Munster Technological University (@MTU_ie) February 8, 2023
MTU campuses in Kerry remain unaffected.
A cybersecurity source said that it was not a coincidence that the breach occurred over the long bank holiday weekend.
The source said that there has been evidence in the past that hackers specifically pick the Friday or a long weekend or holiday period.
“It is execution on Friday evening followed by discovery on the bank holiday – it is a common pattern,” a source said.
Gardaí have been alerted and the force’s Garda National Cyber Crime Bureau are involved in the investigation.
A spokesperson confirmed that the college reported the breach to Togher Garda Station – it is believed the national unit was then alerted.
It is understood that the National Cyber Security Centre have a capacity to monitor activities across the internet and assist the victim during the breach to limit the damage.
It is also believed that gardaí monitor the Darkweb, a criminal part of the internet, to monitor if there is any data leaked online.
The ransomware attack on the HSE is a perfect example where the criminals block use of the computer systems in return for the payment of money.
In May 2021, the HSE was targeted by a criminal cyber-attack, the aim of which was to disrupt the health service and computer systems, illegally access and copy data, and demand a ransom for its return.
The cyber-attack was stopped once the HSE became aware of it. No ransom was paid by the HSE or the State.
The attack resulted in the HSE having to close down its all of its IT services, causing widespread delays and the cancellation of appointments at hospitals across the country.
The MTU campus is one of Ireland’s leading cyber security training institutions.
MTU Cork’s statement continued: “Our students’ education is a top priority for us and we appreciate the patience of all students, staff and stakeholders while we complete this vital work.
“We are currently assessing all appropriate and effective solutions to allow us to return to teaching as normal and reopen our campuses as quickly and safely as possible.”
It said a further update will be issued as soon as possible.
In a statement to The Journal, the National Cyber Security Centre (NCSC) said both it and the Department of Further and Higher Education, Research, Innovation and Science are aware of the IT breach and telephone outage and “are engaging with relevant stakeholders”.
“MTU have been in contact with all the relevant authorities and stakeholders, including An Garda Síochána, the Higher Education Authority, the NCSC, and the Department in relation to the breach,” the statement read,
“NCSC staff are on-site to assist with the forensic examination and recovery of systems to allow MTU to return to full operations as soon as possible.”
The NCSC said there is “no suggestion of any risk to other services in the State as a consequence of this incident”.
“The MTU has contingency plans in place for such an event and this means that core systems such as email, HR, finance, payroll and others are unaffected by this breach and are continuing to operate as normal. It also means that the majority of MTU staff can continue to work remotely while a safe return to teaching is planned.
“HEANet, the education sector’s ICT shared services provider, is providing advice and support in relation to recovery options for services that HEAnet provide to MTU.”
To embed this post, copy the code below on your site
have your say