DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Technion University hacked and locked; previously unknown attackers demand 80 BTC

Posted on February 12, 2023 by Dissent

The Technion, which is the Technology Institute of Israel, confirms it has been the victim of a ransomware attack by threat actors demanding 80 BTC ransom to unlock the data.

According to the ransom note sent by attackers, the school’s network was locked. Their ransom note, first published by Erez Dasa on Telegram, begins:

Dear Colleagues,

We’re sorry to inform you that we’ve had to hack Technion network completely and transfer *all* data to our secure servers.
So, keep calm, take a breath and think about an apartheid regime that causes troubles here and there.
They should pay for their lies and crimes, their names and shames. They should pay for occupation, war crimes against humanity, killing the people (not only Palestinians’ bodies, but also Israelis’ souls) and destroying the future and all dreams we had.
They should pay for firing high-skilled experts.”

The note, which also warns Technion not to try to decrypt files without the key, gives Technion 48 hours to pay 80 BT ($1.74 million) before the price goes up 30%. After 5 days, the data will be put up for sale, the attackers, who sign the note “DarkBit,” threaten.

Ransom note to the Technion from "DarkBit" provided .onion address for support/payment and a TOX ID for contact. The note demands 80 BTC within 48 hours.
Ransom note from DarkBit to the Technion. Provided by Erez Dasa, redacted by DataBreaches.net .

A spokesperson for the institution confirmed the attack to Ynet, who reports that despite the cyber attack, exams at the Technion are taking place today as usual. However, the students were asked to disconnect their personal computers from the network and reduce email traffic until further notice. In email to DataBreaches, however, Dasa reports that all exams have since been canceled for the 13th and 14th.

Attempts to contact DarkBit via the TOX ID in the ransom note failed and returned an invalid ID message.

Screenshot of DarkBit's support site on Tor.
DarkBit’s support site on Tor. As of publication, there are no listings on their leak blog. Image: DataBreaches.net.

Comment

And what is DarkBit’s real motivation? Rather than the usual “It’s just business” type of note, DarkBit’s note suggests that they are trying to sound almost like hacktivists, but their explanation sounds more like former employees of Technion who were fired or who blame Technion for their professional failures. How did Technion “destroy the future and all dreams” they had? What “high-skilled experts” did Technion fire — was it them? Is that why they addressed the note to “Dear Colleagues?”

Later in their ransom note, they add a common warning to victims not to try to decrypt locked data without a key. But then these attackers add, “”You have to trust us. This is our business (after firing from high-tech companies) and reputation is all we have.”

So they are claiming they were fired from high-tech companies?  If they were fired from high-tech firms, that doesn’t exactly support a claim of “reputation is all we have.”  DarkBit is an unknown group with no publicly known history or reputation of keeping their word to provide a key if victims paid.

But then, all of their explanations may be just fiction or cover up for some state-sponsored action, as Erez Dasa suspects.

This post will be updated if more information becomes available.

Update: It seems DarkBit has a Telegram channel and other social media accounts.

On its Telegram channel, DarkBit reiterates what it says in its ransom note about Israel. They also add #HackforGood messages.

Related posts:

  • The Ransomware Superhero of Normal, Illinois
Category: Education SectorMalwareNon-U.S.

Post navigation

← Cybersecurity Incident Shuts Down Biglaw Network
Cop and telecoms staffer charged in data breach case →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.