Royal ransomware claims attack on Queensland University of Technology

The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to leak data allegedly stolen during the security breach.

Queensland University of Technology (QUT) is one of the largest universities in Australia by the number of students (52,672), operating on a budget that surpasses one billion A$.

The university is focused on scientific, technological, engineering, and mathematical studies and has received significant government funding to back its research in recent years.

QUT disclosed a cyberattack on January 1st, 2023, warning students and academic staff of inevitable service disruptions resulting from the security incident.

The university shut down all IT systems to prevent the attack's spread, and the university is working with external experts to respond to the security incident.

"Our university staff are working around the clock to assess the situation, restore services and limit disruption to students and academic progress," reads the QUT announcement.

"Our campuses will reopen on 3 January 2023, but it is expected that there will be some system disruptions that will continue for some weeks."

Currently, the HiQ website, 'Digital Workplace', 'eStudent', and Blackboard systems are unavailable, causing many courses and exams to be rescheduled until early February.

Moreover, network drive folders, including 'U Drive', the printing network, and access via VPN using Cisco AnyConnect have been disabled until further notice.

Students currently enrolled in a summer semester unit will be given the option to withdraw without financial or academic penalty, as this disruption might be unacceptable for some.

All students and personnel have been informed of the situation via notices, and a service status page has been created to report the restoration progress and service availability.

QUT students and staff were warned to remain vigilant for suspicious communication attempts and were told not to try to interact with any university systems marked offline on the status page.

According to the latest updates from the university, there's no evidence that any data has been compromised due to the cybersecurity incident.

Royal gang releases allegedly stolen data

While the university says there is no evidence of data being stolen, the Royal ransomware operation has already begun publishing data that they claim was stolen from QUT.

In a new entry on their data leak site, the ransomware group leaked HR files, email and letter communications, ID cards and documents, and financial and administrative documents that they state represents 10% of the data stolen during the attack.

While BleepingComputer cannot verify if the leaked files were stolen from QUT, they appear to be linked to the university.

The Royal ransomware operation started in September 2022 as a spin-off of the notorious Conti ransomware group, which shut down in May 2022.

The ransomware operation first launched as the Zeon group but rebranded as the 'Royal Group' in September.

The gang quickly gained the attention of researchers and governments after launching several attacks against healthcare organizations.

Recently, the ransomware group attacked telecommunications provider Intrado, initially demanding a ransom payment of $60,000,000.