RansomHub Ransomware Hits University of Genoa, Exfiltrates 18GB Data

Incident Date: Sep 09, 2024

Attack Overview

Victim: Università degli Studi di Genova
Industry: Education
Location: Italy
Attacker: RansomHub
First Reported: September 9, 2024

RansomHub Ransomware Attack on Università degli Studi di Genova

The Università degli Studi di Genova (UniGe), a historic public research university in Italy, has been targeted by the ransomware group RansomHub. The attackers claim to have exfiltrated approximately 18 GB of data and have set a ransom deadline for the 23rd of September, demanding compliance to avoid further consequences.

About the Victim: Università degli Studi di Genova

Founded in 1481, UniGe is one of the oldest universities in Europe, with a significant historical and academic presence. The university operates as a non-profit institution and is officially recognized by the Italian Ministry of University and Research. It enrolls approximately 40,000 students and employs around 1,800 teaching and research staff, along with 1,580 administrative personnel. UniGe offers a wide array of programs leading to bachelor's, master's, and doctoral degrees across various disciplines. The university is known for its extensive research activities, holding 97 active patents and averaging 14 new patents annually.

Attack Overview

RansomHub, a Ransomware-as-a-Service (RaaS) group, has claimed responsibility for the attack on UniGe. The group has exfiltrated 18 GB of data and is leveraging this information to demand a ransom. The attack highlights the vulnerabilities in the university's cybersecurity infrastructure, which may include unpatched systems and inadequate defenses against sophisticated ransomware tactics.

About RansomHub

RansomHub emerged in February 2024 and quickly established itself in the ransomware landscape through an aggressive affiliate model. The group is known for its speed and efficiency, using advanced encryption techniques and data exfiltration methods. RansomHub affiliates primarily use phishing campaigns, vulnerability exploitation, and password spraying to gain initial access. The group targets high-value sectors such as healthcare, financial services, and government, making it a formidable threat to organizations worldwide.

Penetration Methods

RansomHub likely penetrated UniGe's systems through a combination of phishing campaigns and exploiting unpatched vulnerabilities. The group's ransomware is optimized to encrypt large datasets quickly and can target cross-platform systems, including Windows, Linux, and ESXi. By leveraging zero-day vulnerabilities and advanced data exfiltration techniques, RansomHub was able to breach the university's defenses and exfiltrate sensitive data.
