Israel's top tech university postpones exams after ransomware attack

Israel’s leading technology university, Technion, suffered a cyberattack on Sunday, forcing it to shut down its systems and postpone exams this week.

Hackers from a previously unknown group called DarkBit left a ransom note explaining the alleged motives behind their attack and demanding 80 bitcoins ($1.7 million) to recover the university's data.

Despite ransom demands, the cyberattack also appears to be ideological. In its message to the university administration, DarkBit accuses the "apartheid regime" of "occupation, war crimes, killing the people, destroying the future, and firing high-skilled experts," and asks Technion University to pay for it.

The group threatened to increase the ransom by 30% within the next two days or put the data up for sale within the next five days if the university doesn’t agree to pay. DarkBit also cautioned the university against attempting to recover data on its own or seeking help from third-party companies. “It will cause permanent damage,” the hackers said, as only they allegedly have the decryption key.

The university has disabled its networks and communication channels while the incident is investigated. So far, Technion technical specialists have managed to restore access to Office 365, Zoom, and the university's Panopto system, the university said. Technion’s official website is down at the time of writing.

The university's technical team, cybersecurity experts and state cyber officials are involved in the investigation of the incident.

Despite the attack, Technion resumed classes on Monday but had to postpone exams planned for this week. The exams will be held as per schedule from next Wednesday, according to a university statement posted on Twitter in Hebrew on Monday. 

Technion’s administration is urging teachers to replace digital materials with "alternative" ones. “This is a complex event and returning to a normal routine will take time,” the university said.

‘Geek’ anger?

Who is behind the DarkBit gang is still unclear. The group’s hackers use the tools of cybercriminals, but their ideology resembles that of hacktivists.

In reality, the group could have been founded by angry laid-off employees of tech companies. In its only post on Twitter, DarkBit wrote:

“A kindly advice to the high-tech companies: From now on, be more careful when you decide to fire your employees, especially the geek ones,” the post said.

“Darkbit has gone from hacktivist to ransomware group now to a disgruntled former employee all in one day,” said cybersecurity analyst Dominic Alvieri.

Iran is usually the culprit behind cyberattacks on Israel. The covert cyberwar between the two countries has escalated over the past two years.

Israeli defense officials said in September that the country had thwarted dozens of attempted Iranian cyberattacks over the past year. After Israel-linked hackers attacked Iran's biggest steel plants earlier in July, former Israeli Prime Minister Naftali Bennett warned that anyone who attempts a cyberattack against Israel will “pay a price.”

It's hard to say whether Iranian hackers have anything to do with the cyberattack on Israel's top university. 

Erez Dasa, an Israeli cybersecurity specialist and founder of the CyberSecurityIL social media news channel, noted similarities between this incident and previous cyberattacks carried out by Iranian hackers.

CyberSecurityIL also said students at Technion complained that the university had not updated them about the scope of the attack and what data the attackers could access. "Some of them shared sensitive medical information and bank account details with the Technion," the channel said.

Technion is not the only recent international victim of a cyberattack in higher education. Universities in Ireland and Switzerland reported incidents earlier this month.

Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.