Queensland University of Technology shuts IT systems after being hit by ransomware attack

3 Min Read

A cyber attack at Queensland’s second-largest university has caused campus printers to spit out ransomware notes in bulk.

The Queensland University of Technology has shut down multiple IT systems as a precaution.

QUT Vice-Chancellor Professor Margaret Sheil said her own printer was among those affected this morning.

“In my case, it printed out until there was no more paper in my printer,” she said.

The ransom note purports to be from ‘Royal ransomware’, which Professor Sheil said ran a “well-known” ransomware scheme.

The United States health department recently issued a warning to hospitals about the ransomware, with attacks first reported in America in September.

“Royal is a newer ransomware, and less is known about the malware and operators than others,” warned American authorities in a note to healthcare departments two weeks ago.

The message being printed on QUT computers on December 22, 2022 that appears to be scam or cyber attack
The message printed out at QUT.(Supplied)

The printed ransomware note says “your critical data was not only encrypted but also copied”, warning it could be published online unless a “modest royalty” is paid.

Professor Sheil said multiple systems were compromised, but none of the “core” student, staff or financial systems appeared to be involved.

Underway investigations

The university has shut down all its IT systems as a precaution, as technical staff and external specialists carry out an investigation.

“Everything that’s sensitive in terms of holding data and so on, we’ve shut down,” Professor Sheil said.

“Most of the systems that are out of action are because we’ve shut them down or stopped access, and so that’s things like the system that manages all the student enrollment data, the system that the students access to get their course information, staff systems.

“There are other systems where they’re compromised – not necessarily shut down – but with a file that might have been locked by the attack.”

Share this Article