RansomHub Ransomware Hits University of Genoa, Exfiltrates 18GB Data

Incident Date:

September 9, 2024

Overview

Victim

Università degli Studi di Genova

Attacker

RansomHub

Location

Genova, Italy

First Reported

September 9, 2024

RansomHub Ransomware Attack on Università degli Studi di Genova

The Università degli Studi di Genova (UniGe), a historic public research university in Italy, has been targeted by the ransomware group RansomHub. The attackers claim to have exfiltrated approximately 18 GB of data and have set a ransom deadline for the 23rd of September, demanding compliance to avoid further consequences.

About the Victim: Università degli Studi di Genova

Founded in 1481, UniGe is one of the oldest universities in Europe, with a significant historical and academic presence. The university operates as a non-profit institution and is officially recognized by the Italian Ministry of University and Research. It enrolls approximately 40,000 students and employs around 1,800 teaching and research staff, along with 1,580 administrative personnel. UniGe offers a wide array of programs leading to bachelor's, master's, and doctoral degrees across various disciplines. The university is known for its extensive research activities, holding 97 active patents and averaging 14 new patents annually.

Attack Overview

RansomHub, a Ransomware-as-a-Service (RaaS) group, has claimed responsibility for the attack on UniGe. The group has exfiltrated 18 GB of data and is leveraging this information to demand a ransom. The attack highlights the vulnerabilities in the university's cybersecurity infrastructure, which may include unpatched systems and inadequate defenses against sophisticated ransomware tactics.

About RansomHub

RansomHub emerged in February 2024 and quickly established itself in the ransomware landscape through an aggressive affiliate model. The group is known for its speed and efficiency, using advanced encryption techniques and data exfiltration methods. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group targets high-value sectors such as healthcare, financial services, and government, making it a formidable threat to organizations worldwide.

Penetration Methods

RansomHub likely penetrated UniGe's systems through a combination of phishing campaigns and exploiting unpatched vulnerabilities. The group's ransomware is optimized to encrypt large datasets quickly and can target cross-platform systems, including Windows, Linux, and ESXi. By leveraging zero-day vulnerabilities and advanced data exfiltration techniques, RansomHub was able to breach the university's defenses and exfiltrate sensitive data.
