Munster Technological University (MTU) is being blackmailed and held to ransom by a group of hackers believed to be based either in Russia or part of the former Soviet Union, the High Court has heard.
The cyberattack on MTU's computer systems is believed to have been carried out by individuals in a ransomware group known as ALPHV, aka BlackCat or Noberus, the court heard.
MTU claims those suspected of carrying out the attack are understood to be made up of former members of the 'REvil' ransomware group that attacked a supplier of Apple in 2022.
The college received a ransom note, Mr Justice Garrett Simons was told at a late sitting of the High Court on Friday night.
The ransom note demanded a significant amount of money be paid or else confidential information, the attackers claim to have obtained about the university's staff and students, would be published.
MTU will not be paying any ransom, the court heard.
Data threat
While the college does not know the full extent to which BlackCat has obtained its data, it is very concerned about the threat to publish any material that may have been taken from the college's computer system.
The exact figure demanded by the attackers was not disclosed in open court.
MTU obtained an emergency temporary injunction preventing the unknown persons behind the attack, and anyone else who has knowledge of the order, from publishing, making it available to the public, or sharing any of the university’s confidential material.
The order also requires the attackers, or any other person in possession of the confidential data, to hand over any such material they may have to MTU.
'Significant disruption'
Seeking the orders, senior counsel Imogen McGrath said the college's operations and services to its 18,000 students have been significantly disrupted by the attack.
The injunction had been sought in order to protect the personal data of MTU students and staff and prevent BlackCat and anyone else from taking advantage of the breach of its IT system, and from breaching any property and privacy rights of those whose data may be affected.
MTU is concerned that personal data, financial information, confidential and commercially sensitive data of its students, employees, and third parties may have been accessed and extracted by those behind the attack.
Counsel that an encrypted ransom note was uncovered by MTU. The note contained a link that was followed by the National Cyber Security Centre.
A page on the Dark Web – a collection of websites that can only be accessed by a specific browser – was located where the ransom demands were outlined.
The demand was placed by BlackCat, and it sought payment of a specific sum by 11.45pm on Friday, February 10th. If the money was not paid, BlackCat threatened to publish the data.
It was clear that the intention of those behind the attack was to blackmail and extort MTU, Ms McGrath said.
Granting the orders, Mr Justice Simons said he was satisfied this was a case where an injunction should be granted on an ex-parte basis, where only one side was present in court.
The judge added that he was further satisfied to make orders allowing MTU's lawyers to serve notice of the court's order on the parties believed to be behind the cyberattack via the Dark Net page where the ransom note was posted.
The matter will return before the court later this month.
