The University of Siena, a distinguished Italian academic institution established in 1240, is currently grappling with a significant cybersecurity incident. The LockBit 3.0 ransomware group has claimed responsibility for the attack that has disrupted multiple university services, leading to the temporary suspension of its systems.
As one of Europe’s oldest universities, Siena offers extensive programs in sciences, medicine, engineering, economics, and social sciences.
In response to the crisis, the university has initiated recovery operations with the support of the Italian National Cybersecurity Agency (Agenzia per la Cybersicurezza Nazionale), although the involvement of LockBit has not yet been officially confirmed.
University of Siena Data Breach and Ransom Demand
According to the new LockBit 3.0 leak site, the group has allegedly exfiltrated 514 GB of sensitive data from the university’s systems. Screenshots of the stolen data were shared on both the leak site as well as the group’s Telegram channel. The stolen data reportedly includes:
Financial Documents including :
- Budgets detailing expenses by month from 2020 to 2024.
- Board-approved documents regarding project and tender financing from 2022 to 2026, including funding amounts.
- Documents related to extraordinary construction works, contractor appointments, and a €1.7 million budget allocation.
Confidential Information including:
- Non-disclosure agreements for the upcoming WineCraft 2024 event.
- Tender design contracts for 2023, including contract budgets.
- Contractor’s investment plan for 2022, encompassing expenses, rents, and the overall financial plan.
With a looming ransom deadline set for May 28, the university is racing against limited time to deal with the consequences of the digital assault.
Earlier on May 10th, the University of Siena acknowledged the cyber attack on its website, informing the public about the suspension of various of its services due to a ‘massive cyber attack by an international group of hackers.’
University’s Response and Restoration Efforts
The website acknowledged that several of its services including its website for international admissions, ticketing services, and payment management platforms had been affected and were taken down as a preventative measure.
The notice assured users that payments made prior to the attack had been registered despite a temporary disconnect between the website’s payment confirmation and application processing.
However, the notice also stated that the volume of assistance requests being received from international candidates following the incident was found to be overwhelming to its staff. The notice advised students to refrain from sending multiple inquiries, promising to respond as soon as possible.
The notice provided separate advice to both candidates who had already paid university fees but did not submit applications and candidates who submitted admission applications but had not yet paid their application fees.
The site stated in bold that students who fall in the above mentioned categories should avoid unnecessary contact with staff, while apologizing for the inconvenience caused by the issue.
The attack on the University of Siena is one of the largest attacks claimed by the LockBit group following the recent disruption to its activities after its coordinated takedown by law enforcement groups. The incident underscores the group’s persistent efforts to remain active in their efforts despite these operational challenges, while emphasizing their ability to still cause massive disruption to victims.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
