Israel’s Technion Institute Hit by Ransomware Attack

Incident Date:

February 13, 2023

Overview

Title

Israel’s Technion Institute Hit by Ransomware Attack

Victim

Technion Institute of Technology

Attacker

Darkbit

Location

Israel

First Reported

February 13, 2023

Technion Institute of Technology Hit by Ransomware Attack

Technion Institute of Technology, one of Israel's leading public research universities, has been hit by a ransomware attack and is currently in the midst of incident response to determine the scope and impact of the event.

"The Technion is under a cyber attack. The scope and nature of the attack are under investigation," a university spokesperson said. "To carry out the process of collecting the information and handling it, we use the best experts in the field, both within The Technion and outside, and coordinate with the relevant authorities. The Technion has proactively blocked all communication networks at this stage."

DarkBit Ransomware Gang Claims Responsibility

A previously undocumented ransomware gang dubbed DarkBit has claimed responsibility for the attack on the university's systems and issued a ransom demand of 80 Bitcoin (~US$1.75M).

The Attraction of the Education Sector for Ransomware Operators

“Ransomware operators continue to prioritize the education sector because it’s a treasure trove of personally identifiable (PII) and financial information that can be leveraged for identity theft and other crimes. These gangs use double extortion schemes by encrypting the network as well as exfiltrating and threatening to leak data to put more pressure on their targets to pay even higher ransoms,” said Jon Miller, CEO and Co-founder at ransomware prevention specialist Halcyon.

“Even with a robust cyber program and data backups to assist in recovery efforts, organizations face additional risk from the exposure of internal communications, trade secrets, R&D assets, intellectual property and more.”

Takeaway

Legacy antivirus, NGAV and EDR tools, while still very useful, were simply not designed to address the unique threat that ransomware presents. This is why we keep seeing destructive ransomware attacks circumvent these general application solutions. During a ransomware attack, the malicious code may perform multiple checks before executing to avoid analysis or victimizing unintended targets. These features can be exploited by aggravating the payload, forcing the ransomware to react defensively to avoid detection and thereby reveal itself.

Remember, the encryption routine that disrupts victims' systems occurs at a late stage in the attack. There are potentially weeks of detectable activity on the network during which the attack can be arrested, if the security apparatus is specifically tuned to detect and respond to these early signals rather than focusing only on detecting and blocking the ransomware payload at the end of an attack, where you only get one chance for success.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.