The Royal ransomware gang has claimed responsibility for a recent cyberattack on Queensland University of Technology and has begun leaking data allegedly stolen during the security breach.
Queensland University of Technology (QUT) is one of Australia’s largest universities by student numbers (52,672), operating on a budget that exceeds AUD$1 billion.
The university focuses on science, technology, engineering and mathematics studies and has received significant government funding to support its research in recent years.
QUT disclosed a cyberattack on January 1, 2023, warning students and academic staff of inevitable service disruptions resulting from the security incident.
The university shut down all computer systems to prevent the attack from spreading, and the university is working with outside experts to respond to the security incident.
“Our university staff are working around the clock to assess the situation, restore services, and limit disruption to students and academic progress,” reads the statement. QUT announcement.
“Our campuses will reopen on January 3, 2023, but it is expected that there will be system disruptions that will continue for a few weeks.”
Currently, the HiQ website, “Digital Workplace”, “eStudent” and Blackboard systems are unavailable, causing many courses and exams to be postponed until early February.
Additionally, network drive folders including “U Drive”, network printing, and access via VPN using Cisco AnyConnect have been disabled until further notice.
Students currently enrolled in a summer semester unit will have the option of withdrawing without financial or academic penalty, as this interruption may be unacceptable to some.
All students and staff have been made aware of the situation through notices, and a service status page was created to report restoration progress and service availability.
QUT students and staff have been warned to remain vigilant for suspicious communication attempts and not to attempt to interact with university systems marked offline on the status page.
According to the latest updates from the university, there is no evidence that any data was compromised due to the cybersecurity incident.
Royal gang release allegedly stolen data
While the university says there is no evidence of data theft, Operation Royal ransomware has already started releasing data it claims was stolen from QUT.
In a new entry on their data leak site, the ransomware group has leaked HR files, emails and letters, ID cards and documents, as well as financial and administrative documents which they claim are represent 10% of the data stolen during the attack.
Although BleepingComputer cannot verify whether the leaked files were stolen from QUT, they appear to be related to the university.
Operation Royal ransomware started in September 2022 as spin-off of the notorious Conti ransomware groupwhich closed in May 2022.
The ransomware operation was first launched as the Zeon group, but renamed ‘Royal Group’ in September.
The gang quickly came to the attention of researchers and governments after launching several attacks against health organizations.
Recently, the ransomware group attacked the telecommunications provider Intradoinitially demanding payment of a ransom of $60,000,000.