
Cyber Incident Victim: Queensland University of Technology

Date: Dec 2022

Location: Australia

Summary

Queensland University of Technology experienced a ransomware attack attributed to the Royal ransomware group, which triggered campus printers to mass-produce ransom notes demanding payment under threat of publishing stolen data. The institution proactively shut down multiple IT systems, including student enrollment and course access platforms, to contain the breach, though core financial and staff systems remained unaffected. While some systems were compromised and files encrypted, the university activated its incident response plan, engaged external specialists, and notified federal authorities. Students retained limited functionality to accept enrollment offers, though documentation processes were disrupted pending system restoration.

Description

On December 22, 2022, Queensland University of Technology (QUT) experienced a ransomware attack attributed to the Royal ransomware group. The incident was initially detected when campus printers began mass-producing physical ransom notes, including one from the office of Vice-Chancellor Professor Margaret Sheil, whose printer exhausted its paper supply during the unauthorized printing activity. The printed communications claimed the attackers had both encrypted and exfiltrated critical data, threatening to publish it online unless a "modest royalty" payment was made. QUT immediately initiated containment protocols by shutting down multiple IT systems as a precautionary measure, including student enrollment platforms, course information systems, and staff access portals. Professor Sheil confirmed the university had activated its pre-existing cyber incident response plan, emphasizing that while multiple systems were compromised, core student records, staff data, and financial systems appeared unaffected by the encryption or theft.

Technical staff and external cybersecurity specialists commenced forensic investigations to assess the full scope of the breach. The university maintained limited functionality for critical processes, allowing prospective students to accept study offers while postponing documentation completion until systems were restored. QUT notified the Australian federal Department of Education about the incident and maintained ongoing communications with staff and students regarding system disruptions. The Royal ransomware, identified in the attack, was described by U.S. health authorities as a newer threat with limited public documentation at the time, having first appeared in American attacks three months prior. No evidence indicated healthcare data was compromised in this incident. University operations remained partially disrupted as investigators worked to isolate compromised systems and restore secure access to essential academic and administrative functions.
