Israel’s Technion Institute Hit by Ransomware Attack

Date: February 13, 2023

Technion Institute of Technology, one of Israel's leading public research universities, has been hit by a ransomware attack and is currently in the midst of incident response to determine the scope and impact of the event.

"The Technion is under a cyber attack. The scope and nature of the attack are under investigation," a university spokesperson said. "To carry out the process of collecting the information and handling it, we use the best experts in the field, both within The Technion and outside, and coordinate with the relevant authorities. The Technion has proactively blocked all communication networks at this stage."

A previously undocumented ransomware gang dubbed DarkBit has claimed responsibility for the attack on the university's systems and issued a ransom demand of 80 Bitcoin (~ US$ 1.75M).

“Ransomware operators continue to prioritize the education sector because it’s a treasure trove of personally identifiable (PII) and financial information that can be leveraged for identity theft and other crimes. These gangs use double extortion schemes by encrypting the network as well as exfiltrating and threatening to leak data to put more pressure on their targets to pay even higher ransoms,” said Jon Miller, CEO and Co-founder at ransomware prevention specialist Halcyon.

“Even with a robust cyber program and data backups to assist in recovery efforts, organizations face additional risk from the exposure of internal communications, trade secrets, R&D assets, intellectual property and more.”

Takeaway: Legacy antivirus, NGAV and EDR tools, while still very useful, were simply not designed to address the unique threat that ransomware presents. This is why we keep seeing destructive ransomware attacks circumvent these general application solutions. During a ransomware attack, the malicious code may perform multiple checks before executing to avoid analysis or victimizing unintended targets. Defenders can exploit these checks by aggravating the payload, forcing the ransomware to react defensively to avoid detection and, in doing so, reveal itself.

Remember, the encryption routine that disrupts victims' systems occurs at a late stage in the attack. There are potentially weeks of detectable activity on the network during which the attack can be arrested, if the security apparatus is specifically tuned to detect and respond to these early signals rather than focusing only on detecting and blocking the ransomware payload at the end of an attack, where you only get one chance for success.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.