The University of Siena, a renowned Italian academic institution with a long history dating back to 1240, is currently facing a major cybersecurity crisis. The LockBit 3.0 ransomware group has taken credit for the attack, which has disrupted various university services and forced the temporary shutdown of its systems.
Known for its diverse programs in sciences, medicine, engineering, economics, and social sciences, the University of Siena is now in the spotlight due to this cyber incident. The Italian National Cybersecurity Agency (Agenzia per la Cybersicurezza Nazionale) has stepped in to support the university in its recovery efforts, although formal confirmation of LockBit’s involvement is still pending.
The recent data breach at the University of Siena, allegedly orchestrated by the LockBit 3.0 group, has resulted in the exfiltration of 514 GB of sensitive information from the university’s systems. The stolen data, which was showcased on the group’s leak site and Telegram channel, includes financial documents detailing budgets, project financing details, and construction works allocations, among other confidential information like non-disclosure agreements and tender design contracts.
With a ransom deadline set for May 28, the university is working against the clock to address the aftermath of this cyberattack. The revelation of this breach on May 10, followed by the suspension of various services such as international admissions, ticketing, and payment platforms, has had a significant impact on the university’s operations.
In response to the crisis, the university’s website has assured users that payments made before the attack have been recorded, despite temporary disruptions in payment confirmation and application processing. However, the surge in assistance requests from international candidates has overwhelmed the university staff, prompting a plea for patience and minimal contact from affected individuals.
The attack on the University of Siena marks a significant escalation in LockBit’s cyber activities, demonstrating their resilience despite recent law enforcement actions against the group. As the university navigates the challenges posed by this breach, the incident serves as a stark reminder of the ongoing threat posed by ransomware groups to organizations of all sizes and sectors.
This report serves as a cautionary tale, highlighting the critical importance of robust cybersecurity measures and proactive risk management strategies to safeguard against potential cyber threats. The University of Siena’s experience underscores the need for constant vigilance and preparedness in the face of evolving cybersecurity challenges in an increasingly connected digital landscape.