Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Israel’s Technion – Israel Institute of Technology hit by political ransomware attack

A leading Israeli technology school, known for its expertise in cyber security, has been struck by a ransomware attack, taking its website offline and disrupting planned exams.

user icon David Hollingworth
Mon, 13 Feb 2023
Israel’s Technion – Israel Institute of Technology hit by political ransomware attack
expand image

The Technion – Israel Institute of Technology made the announcement in Hebrew on its LinkedIn page, and security experts have shared the demands and political claims of the apparent attacker, DarkBit.

“The Technion is under cyber attack,” the institute wrote overnight (which we translated into English with Google translate). “The scope and nature of the attack are under examination. In order to carry out the process of collecting and handling information, we are assisted by the best experts in the field, at the Technion and outside it, and are coordinating with the competent authorities.”

Despite the institute’s website being down at the time of writing, Technion promised campus operations would continue, but that exams were postponed.

============
============

“At this stage, the Technion has proactively blocked all communication networks,” the post adds.

Malware trackers at VX-underground shared screenshots of the text file note that DarkBit’s ransomware left behind after the attack, and the motivation seems largely political — though it has not stopped the heretofore unknown threat actor from demanding a ransom.

“We hacked #Technion, the technological core of an apartheid regime,” the note reads.

“They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only the Palestinians’ bodies, but also Israelis’ souls) and destroying the future and all dreams we had. They should pay for firing high-skilled experts. Say goodbye to your security if you support or have any kind of collaboration or partnership with Israel, or you pay its expensive price.”

The reference to “firing high-skilled experts” is also repeated in another statement, warning Technion to take the ransom demand seriously, suggesting a more personal reason for the attack on top of the political statement.

“You have to trust us,” DarkBit said. “This is our business (after firing from high-tech companies) and the reputation is all we have.”

VX believes that the note was “written using an English translator,” the group said in a tweet.

DarkBit is demanding 80 bitcoin to unencrypt the affected files — about $2.5 million at current exchange rates, or about 6.1 million in Israeli new shekel. The group has also threatened to increase the amount by 30 per cent if the institute is slow to pay, and that the data will be published within five days if the ransom is not paid.

The Israel National Cyber Directorate (INCD) told The Jerusalem Post that it was “in touch with the Technion to get a full picture of the situation, to assist with the incident and to study its consequences”.

“The field of higher education has been a central target for cyber attackers, with the INCD identifying 53 [serious] incidents of such attacks in 2022, most of which were prevented,” the INCD said.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.