Ransomware Attack on the University of Siena by LockBit 3.0
Incident Date:
May 23, 2024
Overview
Title
Ransomware Attack on the University of Siena by LockBit 3.0
Victim
The University of Siena
Attacker
Lockbit3
Location
First Reported
May 23, 2024
Ransomware Attack on the University of Siena by LockBit 3.0
Victim Overview
The University of Siena (Università degli Studi di Siena) in Italy was targeted by the LockBit 3.0 cybercrime group using ransomware. The university, founded in 1240, is a public institution located in Siena, Tuscany, Italy. It is one of the oldest and first publicly funded universities in Italy, known for its schools of law, medicine, and economics and management. With around 16,000 students, the university has a strong international mission, offering degrees and courses in English and ranking highly in national and international classifications.
Company Size and Industry Standing
The University of Siena has a significant student population relative to the city of Siena, with a total population of around 53,000. It ranks in the top 2.4% of universities worldwide according to the Center for World University Rankings. The university's focus on international collaboration, research, and academic programs in various fields of study makes it stand out in the education sector.
Attack Details
The attackers exfiltrated 514 gigabytes of sensitive data from the university, including documents detailing budgets, project financing, construction works, non-disclosure agreements, and investment plans. A sample of this data was leaked, although the specific ransom demand was not disclosed.
Ransomware Group Overview
LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that builds on the legacy of LockBit and LockBit 2.0. It is considered one of the most dangerous and disruptive ransomware threats currently active, targeting a wide range of organizations globally. LockBit 3.0 encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops.
Penetration and Vulnerabilities
LockBit 3.0 distinguishes itself by its advanced features, including lateral movement through networks, data deletion capabilities, and obfuscation to evade analysis. The ransomware group operates under a RaaS model, allowing other cybercriminals to use their malware for attacks. The University of Siena's vulnerabilities may have been exploited through phishing emails, unpatched software, or weak network security measures.
Sources:
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.