ANU Enterprise Hit by ThreeAM Ransomware Raising Cyber Concerns

Incident Date: October 31, 2024

Overview

Victim: ANU Enterprise

Attacker: 3AM

Location: Canberra, Australia

First Reported: October 31, 2024

Ransomware Attack on ANU Enterprise: A Closer Look at the ThreeAM Breach

ANU Enterprise, the commercial arm of the Australian National University (ANU), has recently been targeted by the ransomware group known as ThreeAM. This attack has raised significant concerns within the cybersecurity community, given the organization's pivotal role in bridging academic research with industry and government sectors.

About ANU Enterprise

ANU Enterprise operates as a small to medium enterprise (SME) within the academic sector, primarily based in Canberra, Australia. It is a wholly-owned subsidiary of ANU, dedicated to enhancing the impact of the university's research through consulting, contract research, and executive education initiatives. The organization is known for its comprehensive business development and project management services, which support researchers from the initial concept of their projects through to delivery and evaluation. This strategic alignment with industry needs and government priorities makes ANU Enterprise a standout entity in the education sector.

Attack Overview

On October 31, ANU Enterprise's name appeared on the dark web leak site associated with the ThreeAM ransomware group. While the attackers have claimed responsibility, they have not released specific details about the incident or published any exfiltrated data. It remains unclear whether any data was stolen or if ransomware was deployed. The lack of transparency from the threat actors leaves the extent of the breach uncertain, and it is unknown if any negotiations have taken place between the parties involved.

About ThreeAM Ransomware Group

ThreeAM, also known as 3AM, is a relatively new player in the ransomware landscape, distinguished by its use of the Rust programming language, which enhances its performance and complicates analysis. The group is known for encrypting files and appending the extension `.threeamtime`, and it often serves as a fallback option when other ransomware deployments, such as LockBit, fail. ThreeAM's connections to established groups like Conti and Royal suggest a sophisticated operational framework, making it a formidable threat in the cybersecurity domain.

Potential Vulnerabilities

ANU Enterprise's role in facilitating collaborations between researchers and external partners may expose it to vulnerabilities, particularly in terms of data handling and project management. The organization's integration with various stakeholders and its reliance on digital infrastructure could have provided an entry point for the ThreeAM group. The attack underscores the importance of cybersecurity measures, especially for entities involved in sensitive research and industry collaborations.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.