Munster Technological University ransomware attack

On 7 February 2023, Munster Technological University announced that it was investigating a significant breach of the information technology and telephone systems that had occurred over the weekend. Systems such as email, HR, payroll and finance were not affected.{{Cite news |title=MTU in 'close contact' with authorities over IT breach |url=https://www.rte.ie/news/regional/2023/0207/1354156-munster-technological-university/ |last=O'Donovan |first=Brian |date=7 February 2023 |access-date=9 February 2023 |publisher=RTÉ News}} In a later announcement the same day, they said that their Cork campuses would remain closed to protect staff and student data, but that the Kerry campuses were not affected.{{cite web|url=https://www.siliconrepublic.com/enterprise/mtu-it-breach-outage-cork|title=MTU closes Cork campuses due to 'significant' IT breach|work=Silicon Republic|first=Leigh|last=McGowran|date=7 February 2023|accessdate=12 February 2023}}

On 9 February the university confirmed that it was a ransomware attack.{{cite web|url=https://www.siliconrepublic.com/enterprise/mtu-it-breach-ransomware-cyberattack-cork|title=MTU confirms Cork IT breach was caused by ransomware attack|work=Silicon Republic|first=Leigh|last=McGowran|date=9 February 2023|accessdate=12 February 2023}} The National Cyber Security Centre confirmed that some of their staff were working onsite at the university to assist with forensic examination of systems and recovery. HEAnet were also providing advice and support.{{Cite news |title=MTU Cork confirms hackers have encrypted university data and demanded a ransom |url=https://www.thejournal.ie/mtu-cork-campuses-remain-closed-it-breach-5990335-Feb2023/ |last1=Moore |first1=Jane |work=TheJournal.ie |last2=O'Connor |first2=Niall|date=9 February 2023|accessdate=9 February 2023}}

The ransomware attack caused all of MTU's campuses in Cork to close.{{cite news|url=https://www.echolive.ie/corknews/arid-41069102.html|title=MTU to resume business next Monday after crippling cyber attack|work=EchoLive.ie|first=Eoin|last=Kelleher|date=10 February 2023|accessdate=12 February 2023}}{{cite news|url=https://www.breakingnews.ie/ireland/mtu-to-close-cork-campuses-until-next-week-following-cyberattack-1430052.html|title=MTU to close Cork campuses until next week following cyberattack|work=BreakingNews.ie|first=Vivienne|last=Clarke|date=9 February 2023|accessdate=12 February 2023}}

On 11 February, the university told the High Court that they were being blackmailed by Blackcat, a Russian cybercrime group.{{cite news|url=https://www.rte.ie/news/courts/2023/0211/1356002-mtu-it-breach/|title=MTU being blackmailed and held to ransom, court hears|publisher=RTÉ News|date=11 February 2023|accessdate=12 February 2023}}{{cite news|url=https://www.irishtimes.com/ireland/education/2023/02/11/hackers-threaten-to-publish-confidential-mtu-data-unless-ransom-is-paid-high-court-told/|title=Hackers threaten to publish 'confidential' MTU data unless ransom is paid, High Court told|publisher=The Irish Times|first=Aodhán|last=Ó Faoláin|date=11 February 2023|accessdate=12 February 2023}} The university had received a ransom note threatening to sell and or publish data if the ransom was not paid by a certain deadline. The amount was described as "significant money" but not disclosed in open court.{{Cite news |title=Russian hacker group BLACKCAT demanded 'significant money' from MTU |url=https://www.thejournal.ie/mtu-cyber-attack-high-court-5992818-Feb2023/ |last=O Faolain |first=Aodhan |date=11 February 2023 |access-date=12 February 2023 |work=TheJournal.ie}}

On 12 February, it was confirmed that data from its systems had been made available on the "dark web".{{cite news|url=https://www.rte.ie/news/ireland/2023/0212/1356222-munster-technological-university/|title=Stolen data made available on dark web, says Munster Technological University|publisher=RTÉ News|first=Conor|last=Kane|date=12 February 2023|accessdate=12 February 2023}}{{cite news|url=https://www.irishexaminer.com/news/munster/arid-41069915.html|title=Data accessed in MTU cyberattack shared on 'dark web'|publisher=Irish Examiner|first=Niamh|last=Griffin|date=12 February 2023|accessdate=12 February 2023}}

The university is working with the Gardaí, the National Cyber Security Centre and the Data Protection Commissioner.{{cite news|url=https://www.corkbeo.ie/news/local-news/mtu-cork-confirms-major-breach-26193361|title=MTU Cork confirms major IT breach caused by ransomware attack|work=Cork Beo|first=Imasha|last=Costa|date=9 February 2023|accessdate=12 February 2023}}

The Minister of State for Public Procurement and eGovernment – Ossian Smyth – said that the attack was similar in many ways to the 2021 cyberattack on the HSE in that it included threats to delete data and to publish data that had been copied.{{cite news|url=https://www.irishexaminer.com/news/munster/arid-41068844.html|title=Teaching to resume on MTU's Cork campuses following ransomware attack|publisher=Irish Examiner|first=Eoin|last=English|date=10 February 2023|accessdate=12 February 2023}}

{{reflist}}

{{Use Hiberno-English|date=February 2023}}

{{Use dmy dates|date=February 2023}}

{{Hacking in the 2020s}}

Category:2023 crimes in the Republic of Ireland

Category:February 2023 crimes in Europe

Category:February 2023 in Ireland

Category:2023 in computing

Category:Hacking in the 2020s

Category:Cyberattacks

Category:Cybercrime in the Republic of Ireland

Category:Ransomware