Ransomware Attack on the University of Siena by LockBit 3.0

Incident Date: May 23, 2024

Attack Overview

Victim: The University of Siena
Industry: Education
Location: Italy
Attacker: LockBit
First Reported: May 23, 2024

Victim Overview

The University of Siena (Università degli Studi di Siena) in Italy was targeted by the LockBit 3.0 cybercrime group using ransomware. The university, founded in 1240, is a public institution located in Siena, Tuscany, Italy. It is one of the oldest and first publicly funded universities in Italy, known for its schools of law, medicine, and economics and management. With around 16,000 students, the university has a strong international mission, offering degrees and courses in English and ranking highly in national and international classifications.

Company Size and Industry Standing

The University of Siena has a significant student population relative to the city of Siena, which has a total population of around 53,000. It ranks in the top 2.4% of universities worldwide according to the Center for World University Rankings. The university's focus on international collaboration, research, and academic programs in various fields of study makes it stand out in the education sector.

Attack Details

The attackers exfiltrated 514 gigabytes of sensitive data from the university, including documents detailing budgets, project financing, construction works, non-disclosure agreements, and investment plans. A sample of this data was leaked, although the specific ransom demand was not disclosed.

Ransomware Group Overview

LockBit 3.0, also known as LockBit Black, is a Ransomware-as-a-Service (RaaS) group that builds on the legacy of LockBit and LockBit 2.0. It is considered one of the most dangerous and disruptive ransomware threats currently active, targeting a wide range of organizations globally. LockBit 3.0 encrypts files, modifies filenames, changes desktop wallpapers, and drops ransom notes on victims' desktops.

Penetration and Vulnerabilities

LockBit 3.0 distinguishes itself by its advanced features, including lateral movement through networks, data deletion capabilities, and obfuscation to evade analysis. The group operates under a RaaS model, allowing other cybercriminals to use its malware for attacks. At the University of Siena, the attackers may have gained access through phishing emails, unpatched software, or weak network security measures.
