HACKERS who attacked the Harare Institute of Technology with WannaCry Ransomware are demanding about $1000 in bitcoin from the institution to avoid losing their data, it has emerged. The hackers claimed to be in possesion of all financial records, student and staff emails as well as student photos.
According to an email sent to TechnoMag believed to have originated from the hackers, they claimed to have, “shredded and deleted” all the institution’s backups to eliminate all chances of recovery.
“We have shredded and deleted all your backups eliminating all chances of recovery. All of your sensitive files, databases and emails have been copied to a remote server and all local copies have been encrypted using AES-256 and the originals deleted,” read the letter.
Held hostage by the hackers are 1, 3 Terabytes of data from 2013 which need decryption.
“Daily incremental backups to a bastion server were misconfigured and have not for ages(wrong IP) hence all copies of backups which were on the same machine were destroyed,” said the hackers.
The hackers explained that since HIT’s data was encrypted using AES, the system administrators at the institution would retrieve it after payment.
“AES is a symettric encryption, meaning you will get all of your data back if you use the same key used to encrypt the files,” they said.
HIT according to the hackers should fork out $999 to be paid in bitcoin to obtain a decryption key.
“We require that you pay USD$999 for the decryption key and instructions on how to recover all your data. Send an email to [email protected] before the 27th of June 2017 or we will delete the encryption key and terminate the email account. We will also disclose instructions on how payment should be sent via Bitcoin,”the hackers said.
The hackers further threatened that should the ransom be unpaid HIT will lose all the data.
“If you contact ProtonMail resulting in the closure of the email address or fail to pay the ransom by the 27th of June – all of your files will be lost and we will dump the decrypted 56GB gzipped database online,” notified the hackers.
The WannaCry ransomware attack was a worldwide cyberattack by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency.