LockBit has recently admitted to the cyberattack on the University of Siena, which disrupted several university services and compromised significant amounts of data. This confession comes merely weeks after LockBit's operations were interrupted by an international law enforcement crackdown.
The University of Siena Attack
University officials have confirmed that the cyberattack led to the shutdown of essential services, including the international admissions website, ticketing systems, and payment management platforms. LockBit claims to have stolen over 500 GB of data, which includes sensitive documents such as board-approved project and tender financing records from 2022 to 2026, monthly expense reports from 2020 to 2024, nondisclosure agreements for the upcoming WineCraft 2024 event, and contractors' investment plans for 2022. The ransomware group has demanded a ransom to be paid by May 28 to prevent the exposure of this exfiltrated information.
Expert Insights
Dr. Darren Williams, CEO and Founder of BlackFog, commented on the situation, highlighting the vulnerabilities in university cybersecurity infrastructures. "Universities continue to be one of the most targeted sectors as they struggle to invest in the latest security tools, many still relying on antivirus solutions, which have little effect on modern cyberattacks. Cybercriminals value any organization that has valuable data that can be used for extortion, and universities tend to be a treasure trove, providing multiple points of leverage holding student, faculty, donor, and parent information. To stop such attacks, organizations must monitor all data leaving the network and enforce strict controls over all data using anti-data exfiltration. Once the data has been stolen, it is too late, and attackers can engage in double and even triple extortion."
LockBit's Continued Operations and Recent Attacks
In addition to the University of Siena, LockBit has also claimed responsibility for the April cyberattack on Canadian pharmacy chain London Drugs. This attack forced the closure of all retail stores across Western Canada and raised concerns about the security of customer and employee data.
Despite claims by LockBit, London Drugs has stated that its investigations, conducted by third-party cybersecurity experts, found no evidence of customer or employee data compromise. However, the company acknowledges that LockBit may leak corporate files containing employee information on the dark web, and it has proactively provided credit monitoring and identity theft protection services to all current employees.
LockBit's Rise and Continued Threat
LockBit, which began as the ABCD ransomware group in September 2019 before rebranding, has been responsible for numerous high-profile attacks. Despite a significant law enforcement action in February 2024 that took down its infrastructure, LockBit remains active, targeting new victims and releasing data in retaliation.
The group's resilience is evident as it moves to new servers and dark web domains, continuing its operations despite international efforts to curb its activities. LockBit's leader, Dmitry Yuryevich Khoroshev, was recently identified and sanctioned, with the U.S. State Department offering substantial rewards for information leading to the arrest or conviction of LockBit leadership and affiliates.
The recent admissions by LockBit underscore the persistent threat posed by ransomware groups to various sectors, including educational institutions and healthcare services. The cyberattack on the University of Siena and the ongoing situation with London Drugs highlight the need for robust cybersecurity measures and international cooperation to combat these cybercriminal organizations effectively.