IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

New ‘DarkBit’ ransomware gang shuts down Technion, demands $1.7 million ransom

A politically charged ransom note suggests DarkBit are one of the newest hacktivist gangs to emerge in recent months

A cyber attack on the Israel Institute of Technology has brought to light the emergence of a potentially aggressive new ransomware gang, DarkBit.  

The institute, known as Technion, was struck by a ransomware attack over the weekend during which hackers demanded an 80-Bitcoin ransom, equivalent to around $1.7 million (£1.4 million).

In the ransomware note, the group threatened to raise the ransom sum by 30% if the academic institution failed to pay the ransom in a 48-hour period.

The ransomware note was also littered with anti-Israeli government rhetoric, suggesting that the attack was politically motivated.

Believed to be a hacktivist operation, the likelihood of a victim paying DarkBit and then later receiving the decryptor is generally lower since the attack isn't believed to be wholly motivated by money.

“We’re sorry to inform you that we had to hack Technion network completely and transfer 'all' data to our secure servers,” the note read.

“So, keep calm, take a breath and think about an apartheid regime that causes troubles here and there.”

Technion confirmed it was dealing with a security incident in a statement online on Sunday 12 February, adding that it was working to determine the full scale of exposure. 

“The Technion is under cyber attack. The scope and nature of the attack are under investigation,” the statement read, “To carry out the process of collecting the information and handling it, we use the best experts in the field, in the Technion and outside, and coordinate with the authorities.”

While the exact scale of the attack is yet to be disclosed, the university said in a follow-up statement that campus activity, including exams, would not be affected.  

Who are DarkBit? 

DarkBit appears to be one of the newest ransomware groups to emerge in recent months.  

The identity of the group remains unclear, but given the politically charged language in the ransomware note left over the weekend, the group could be the latest sophisticated ‘hacktivist’ group to land on the scene.

In its Twitter bio, the group claims to be against “racism, fascism and apartheid”.

Hacktivist groups have wrought havoc on organisations globally and the subcommunity within cyber security has received special attention since the war in Ukraine broke out.  

Pro-Russian hacktivist group, Killnet, for example, has claimed responsibility for a number of devastating attacks against public services in Ukraine since the onset of the conflict in February last year.  

Earlier this month, the group launched attacks against more than a dozen US hospitals amidst its ongoing reprisal campaign against nations supporting the Ukrainian war effort.

Related Resource

IDC MarketScape: Worldwide unified endpoint management services

2022 vendor assessment

Whitepaper cover with title and logo on blue header banner and analysis chartFree Download

Bogdan ‘Bob’ Botezatu, director of threat analytics at Bitdefender, told IT Pro that while hacktivism is far from a new trend, recent geopolitical events have resulted in a surge of hacktivist-related incidents.  

“Hacktivism is known as a type of hacking to support civil, political, or religious causes. It has become chiefly consecrated with the advent of the Anonymous hacking group and has become more and more frequently used in the past few years as hacking groups affiliated with state actors have entered the scene,” he said.   

“In the past year alone, since the start of Russia’s invasion of Ukraine, several hacking groups have openly offered their cyber crime expertise to support Russia’s cause by hacking into companies in countries part of NATO or the EU.” 

Chris Hauk, consumer privacy champion at Pixel Privacy, noted that DarkBit’s ransomware demand message also warned Technion to “be careful when you decide to fire your employees, especially the geek ones”.  

This comment, Hauk noted, could suggest that the attack could have been the result of revenge from a disgruntled former employee.  

Hauk’s suggestion follows similar comments by security researcher, Dominic Alvieri, who tweeted yesterday that the group has “gone from hacktivist, to ransomware group, now to a disgruntled former employee all in one day.” 

Featured Resources

IT best practices for accelerating the journey to carbon neutrality

Considerations and pragmatic solutions for IT executives driving sustainable IT

Free Download

The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize

Free download

Using application migration and modernisation to supercharge business agility and resiliency

Modernisation can propel your digital transformation to the next generation

Free Download

The strategic CFO

Why finance transformation propels business value

Free Download


Ransomware now strikes one in 40 organisations per week, Check Point finds

Ransomware now strikes one in 40 organisations per week, Check Point finds

27 Jul 2022
Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

Darktrace AI’s Antigena helps stop ransomware attack at Dordogne GHT

13 Apr 2022

Most Popular

HMRC lost nearly 50% more devices in 2022

HMRC lost nearly 50% more devices in 2022

17 Mar 2023
The big PSTN switch off: What’s happening between now and 2025?

The big PSTN switch off: What’s happening between now and 2025?

13 Mar 2023
Outlook zero day patch causes headaches for Windows admins

Outlook zero day patch causes headaches for Windows admins

15 Mar 2023