Swinburne University Hit by RansomHub Ransomware Attack in 2024

Incident Date: August 30, 2024


Overview


Victim: Swinburne University of Technology

Attacker: RansomHub

Location: Hawthorn, Australia

First Reported: August 30, 2024

RansomHub Ransomware Attack on Swinburne University of Technology

In August 2024, Swinburne University of Technology's Sarawak Campus in Malaysia was targeted by the ransomware group RansomHub. The attack resulted in the theft of sensitive data, including passport scans, letters of completion, and student applications. The university promptly notified the Computer Emergency Response Team (CERT) of Malaysia’s National Cyber Security Agency and took swift action to contain the breach.

About Swinburne University of Technology

Swinburne University of Technology, established in 1908, is a prominent educational institution located in Melbourne, Australia. Known for its focus on innovation, research, and industry engagement, the university offers a wide range of undergraduate and postgraduate programs. It operates multiple campuses, including those in Hawthorn, Croydon, Wantirna, and Sarawak, Malaysia. The university employs between 1,001 and 5,000 staff members and serves a large, diverse student body.

Attack Overview

The ransomware attack on Swinburne's Sarawak Campus was orchestrated by RansomHub, a Ransomware-as-a-Service (RaaS) group. The attack led to the theft of sensitive data, although the core business systems were fully recovered without further disruption. Swinburne Sarawak is collaborating with specialists to conduct forensic investigations to ascertain the full extent of the breach. The university clarified that its IT systems are distinct from those of its Australian campuses, which were not impacted by the incident.

About RansomHub

RansomHub emerged in February 2024 as a successor to the Cyclops and Knight ransomware variants. The group is known for its speed and efficiency, using advanced data exfiltration techniques and intermittent encryption to minimize encryption time while maintaining impact. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group targets large enterprises with valuable data, focusing on sectors such as healthcare, financial services, and government.

Penetration Methods

RansomHub's affiliates likely penetrated Swinburne's systems through a combination of phishing campaigns and exploitation of unpatched vulnerabilities. The group's ransomware is optimized to encrypt large datasets quickly and targets multiple platforms, including Windows, Linux, and ESXi. By leveraging zero-day vulnerabilities and advanced obfuscation techniques, RansomHub evades detection and completes its attacks quickly.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous cyber threat to businesses and organizations today, and the most impactful in both financial and informational terms.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.