ANU Enterprise Hit by ThreeAM Ransomware Raising Cyber Concerns
Ransomware Attack on ANU Enterprise: A Closer Look at the ThreeAM Breach
ANU Enterprise, the commercial arm of the Australian National University (ANU), has recently been targeted by the ransomware group known as ThreeAM. This attack has raised significant concerns within the cybersecurity community, given the organization's pivotal role in bridging academic research with industry and government sectors.
About ANU Enterprise
ANU Enterprise operates as a small to medium enterprise (SME) within the academic sector, primarily based in Canberra, Australia. It is a wholly-owned subsidiary of ANU, dedicated to enhancing the impact of the university's research through consulting, contract research, and executive education initiatives. The organization is known for its comprehensive business development and project management services, which support researchers from the initial concept of their projects through to delivery and evaluation. This strategic alignment with industry needs and government priorities makes ANU Enterprise a standout entity in the education sector.
Attack Overview
On October 31, ANU Enterprise's name appeared on the dark web leak site associated with the ThreeAM ransomware group. While the attackers have claimed responsibility, they have not released specific details about the incident or published any exfiltrated data. It remains unclear whether any data was stolen or if ransomware was deployed. The lack of transparency from the threat actors leaves the extent of the breach uncertain, and it is unknown if any negotiations have taken place between the parties involved.
About ThreeAM Ransomware Group
ThreeAM, also known as 3AM, is a relatively new player in the ransomware landscape, distinguished by its use of the Rust programming language, which enhances its performance and complicates analysis. The group is known for encrypting files and appending the extension `.threeamtime`, and it often serves as a fallback option when other ransomware deployments, such as LockBit, fail. ThreeAM's connections to established groups like Conti and Royal suggest a sophisticated operational framework, making it a formidable threat in the cybersecurity domain.
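The `.threeamtime` extension described above can be turned into a simple file-event detection. The following is an added example, not code from the article or from any vendor; the `timestamp|host|path` event format, the function names, the thresholds and the sample events are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXT = ".threeamtime"  # extension named in the article

# Constructed sample events (hypothetical format): ISO timestamp|host|new file path
SAMPLE_EVENTS = """\
2024-01-01T03:00:01|fs01|D:\\projects\\budget.xlsx.threeamtime
2024-01-01T03:00:02|fs01|D:\\projects\\plan.docx.THREEAMTIME
2024-01-01T03:00:04|fs01|D:\\projects\\notes.txt.threeamtime
2024-01-01T03:00:05|ws07|C:\\Users\\a\\report.threeamtime.bak
2024-01-01T03:00:09|fs01|D:\\projects\\data.csv.threeamtime
2024-01-01T09:15:00|ws12|C:\\Users\\b\\sample.threeamtime
malformed line without separators
"""

def parse(line):
    """Return (time, host, path), or None for lines that do not parse."""
    parts = line.strip().split("|", 2)
    if len(parts) != 3:
        return None
    try:
        return datetime.fromisoformat(parts[0]), parts[1], parts[2]
    except ValueError:
        return None

def detect(lines, threshold=3, window=timedelta(seconds=60)):
    """Map host -> 'burst' if >= threshold matching files appear within
    the window, else 'single'. Assumes events arrive in time order."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, host, path in filter(None, map(parse, lines)):
        # Match only when it is the final extension, case-insensitively.
        if not path.lower().endswith(EXT):
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[host] = "burst"   # many files in a short time: likely encryption run
        else:
            alerts.setdefault(host, "single")  # isolated hit: worth triage
    return alerts

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS.splitlines()))
```

Separating a burst from an isolated hit lets responders prioritize hosts where encryption appears to be in progress over a stray sample or test file.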
Potential Vulnerabilities
ANU Enterprise's role in facilitating collaborations between researchers and external partners may expose it to vulnerabilities, particularly in terms of data handling and project management. The organization's integration with various stakeholders and its reliance on digital infrastructure could have provided an entry point for the ThreeAM group. The attack underscores the importance of cybersecurity measures, especially for entities involved in sensitive research and industry collaborations.