MTU Cork confirms it suffered ransomware cyber attack as campus remains closed

College has ‘not engaged’ with demand as it works towards managed return to campus

The Cork campus of Munster Technological University was targeted, with Tralee unaffected
The Cork campus of Munster Technological University was targeted, with Tralee unaffected

Munster Technological University Cork was “targeted in a cyber attack”, the educational institution has said.

The TU Cork campus has been closed this week following a “significant” IT breach and phone outages.

In a statement late on Wednesday night, MTU Cork confirmed the breach was a cyber attack. The extent of the attack, including which data may have been breached, remains under investigation.

“Following extensive and ongoing initial investigations MTU can confirm that its Cork campuses have been targeted in a cyber attack. The Kerry campuses of MTU remain unaffected,” the statement said.

READ MORE

A college administrator declined to reveal the amount of the ransom, but said a demand had been received, and that MTU had “not engaged”.

Munster Technological University plans ‘phased’ reopening next week after IT breachOpens in new window ]

The statement said the incident was detected by MTU’s IT security systems last weekend with “immediate steps being taken to intercept and manage the incident”.

“The incident resulted in the encryption of certain MTU systems for the purpose of demanding a ransom,” it added.

MTU said it has been in “close and ongoing contact” with the National Cyber Security Centre, the Data Protection Commission, An Garda Síochána and other relevant stakeholders including Government departments since the incident.

“We have engaged highly specialised services and have been working closely with the expert national authorities and our security partners in immediately instigating a dual process to investigate the cause and extent of the attack as well as the safest and most efficient recovery process,” it said.

While the extent of the incident remains under investigation, the third-level facility said students and staff do not need to take any action at this time and MTU will notify any affected individuals.

“While it is still early in this process we are following all appropriate protocols and procedures in order to minimise and mitigate any impact that this incident may have and to facilitate the restoration of our education services as a top priority,” MTU said.

“We wish to reassure students and staff that we are looking at all of our options as part of this dynamic and evolving situation.”

Major IT breach forces Munster Technological University to halt classesOpens in new window ]

The vice-president for finance and administration at Munster Technological University, Paul Gallagher, confirmed the development on RTÉ's Morning Ireland and said they college would work methodically to solve the issue. #

“The worst thing we can do is rush this, that could make matters worse,” he said. When asked the amount of the ransom demanded, Mr Gallagher declined to comment, but he did acknowledge that a demand had been found encoded in one of the servers. “We have not engaged, we are taking advice from the National Cyber Security Centre.

“We’re in a strong position, we can restore the system ourselves. “The difficulty is actually getting into the system because the first thing that is attacked is your security and your network management system, and it is encrypted in those systems. So it took us some time to get those back and to understand the full extent of the attack.

“We were very lucky in that we intercepted this at an early stage, which puts us in quite a strong position actually. We have very good back up in place, so we did discover a ransom demand encoded in one of the servers, but we haven’t engaged directly at this stage at all with the ransom.

“So we’re taking advice from the National Cyber Security Centre and our security partners in relation to that. As I said, we’re in quite a strong position. We’re not actually dependent on getting any encryption keys. We are in a position to restore our systems ourselves.

“The worst thing that they could do is rush this. Right now we have protocols in place and we’re following those through a strict methodology. The danger is that if you rush it, you make things worse. So we have our plans in place. We are working towards a phased and a managed return to campus from Monday, and our management are working through the process.”

Shauna Bowers

Shauna Bowers

Shauna Bowers is Health Correspondent of The Irish Times