The Cork campus of Munster Technological University (MTU) was recently struck by a “significant” cyber-attack that resulted in ransomware infections on several systems. The college has been working closely with the National Cyber Security Centre, the Data Protection Commission, and other relevant bodies, including government officials, to resolve the issue. Vice President of Finance and Administration Paul Gallagher declined to reveal the ransom amount but said a demand had been received and that the team has not engaged with the attackers. In a statement made to the Irish Times, Mr. Gallagher claimed their team intercepted the attack early on and that they were able to restore the encrypted systems themselves without paying a ransom.
Ransomware continues to be a dominant force in the cybercrime industry. While mitigating this threat is difficult, it is far from impossible, especially with mature incident response, threat detection, and disaster recovery programs in place. Implementing detections for Data Encrypted for Impact (MITRE ATT&CK Technique T1486) and other common ransomware techniques will help incident response teams react as soon as possible, potentially stopping the attacker in their tracks. Backups of critical systems, if kept disconnected from the rest of the network, can provide a lifeline in the worst-case scenario. In this situation, the critical system backups let MTU bypass the attacker entirely – even after a thorough compromise.
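As an added illustration of a T1486 detection (not taken from the article or from MTU's response), the sketch below flags a process that overwrites many files with near-random data inside a short window. High entropy alone also matches compressed files, so the rule requires a burst. The event tuple layout, thresholds, process names and sample telemetry are all assumptions constructed for this example.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

ENTROPY_MIN = 7.5   # bits/byte; encrypted output sits close to 8.0
WINDOW_SECS = 10    # sliding window per process
BURST_MIN = 5       # high-entropy overwrites in the window before alerting

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def detect_encryption_bursts(events):
    """Return [(pid, image, alert_time)] for bursts of high-entropy file writes."""
    recent = defaultdict(deque)   # pid -> timestamps of suspicious writes
    alerted, alerts = set(), []
    for ts, pid, image, path, sample in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(sample) < ENTROPY_MIN:
            continue              # plaintext-like write, ignore
        window = recent[pid]
        window.append(ts)
        while ts - window[0] > WINDOW_SECS:
            window.popleft()      # drop writes that fell out of the window
        if len(window) >= BURST_MIN and pid not in alerted:
            alerted.add(pid)      # one alert per process
            alerts.append((pid, image, ts))
    return alerts

def _pseudo_ciphertext(seed: int, size: int = 2048) -> bytes:
    """Constructed stand-in for encrypted file content (SHA-256 counter stream)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))
    return b"".join(blocks)

def sample_events():
    """Constructed telemetry: (unix_time, pid, image, path, first bytes written)."""
    text = b"Quarterly enrolment figures for the faculty, draft only. " * 40
    events = [(100 + i, 4120, "winword.exe", f"C:/docs/report{i}.docx", text) for i in range(6)]
    # One compressed-looking write from a backup agent: high entropy but no burst.
    events.append((103, 2210, "backup-agent.exe", "D:/bk/a.zip", _pseudo_ciphertext(99)))
    events += [(200 + i, 6660, "unknown.exe", f"C:/share/file{i}.xlsx", _pseudo_ciphertext(i))
               for i in range(8)]
    return events

if __name__ == "__main__":
    for pid, image, ts in detect_encryption_bursts(sample_events()):
        print(f"T1486 candidate: pid={pid} image={image} at t={ts}")
```

In production the thresholds need tuning against normal backup, archiving and media workloads, and an alert should trigger containment of the host rather than only a ticket.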