Queensland's second-largest university has suffered a major cyber attack, impeding IT systems and leaving students unable to receive Centrelink payments for weeks on end.
According to Queensland University of Technology (QUT), the incident took place on 22 December 2022 when QUT printers started to unexpectedly spit out droves of ransom notes across campus.
Soon after, the university’s technical staff shut down a collection of IT systems as a precautionary measure and launched investigations into the purported ransomware attack.
"QUT has experienced a cyber security incident today which purports to be a Royal ransomware attack," read QUT's December statement.
"Our university staff are working around the clock to assess the situation, restore services and limit disruption to students and academic progress," said QUT.
While some systems such as the learning management system Blackboard have been successfully restored, the latest updates from QUT indicate other systems could still be impacted almost a month after the initial attack.
As the university's investigations and recovery work persisted into the new year, multiple QUT students said they were consequently left without a means to receive their Centrelink payments.
According to the ABC, the attack led to one business student's payments being cut off two days out from Christmas; due to systems being taken offline, she was allegedly unable to download a crucial document related to her eligibility for student allowance.
Another student said the cyber attack led to issues with Centrelink recognising they were a student, leaving them "without income for a fortnight."
"It was quite difficult because I had to pay out my rent and it got to the point where I couldn't afford rent before the situation was fixed," they said.
The two students reportedly had their payments reinstated after visiting Centrelink offices.
A frequently asked questions page on the QUT website said the university had informed Centrelink about the incident.
"You can request an extension with Centrelink to provide your confirmation of enrolment at a later date," the university wrote.
QUT, which has around 50,000 students enrolled across its two Brisbane campuses, said "some system disruptions will continue for some weeks" following its reopening on 3 January.
A royal pain
According to QUT's statements thus far, the cyber security incident is purported to be a "Royal ransomware attack."
The Royal Ransomware group is an up-and-coming and highly active cyber criminal gang said to have been the most active ransomware group during November 2022.
The group is reportedly composed of experienced actors from other notorious ransomware operations, such as Conti, and allegedly conducts its ransomware attacks through a combination of phishing, social engineering and malware.
In the case of QUT, Royal allegedly sent swathes of ransom notes to university printers, offhandedly prompting the university to "engage in a deal" in exchange for stolen data.
According to the ABC, QUT Vice-Chancellor Professor Margaret Sheil said her printer was among those affected.
"In my case, it printed out until there was no more paper in my printer," Sheil said.
She went on to describe some of the impact to QUT systems during the incident.
"Everything that's sensitive in terms of holding data and so on, we've shut down," Sheil said.
"There are other systems where they're compromised – not necessarily shut down – but with a file [that] might have been locked by the attack."
The ransom note contained a dark web URL which, when visited, prompts the reader to "Please read carefully the ‘readme’ file you got from us" before loading a simple contact form.
A QUT statement on 1 January read, "QUT has become aware of a new claim today that some files have been compromised in the cybersecurity incident on 22 December 2022 purporting to be a ransomware attack.
"Our teams together with cyber security experts are assessing the validity and/or extent of this claim," it added.
Whether QUT has engaged with the Royal Ransomware group directly is not known.
At this stage, QUT has yet to announce that any student or staff data has been compromised as a result of the attack.
The university said students have been contacted with regular updates about the ongoing situation, and provided with avenues for support regarding any concerns or queries.