Harare Institute of Technology allegedly hit with cyber attack

   

Today, a screenshot showing the Harare Institute of Technology website as hacked started circulating on WhatsApp. We tried to open the website to see the same thing as in the picture, but it failed to load. Chances are that HIT has taken the website down after finding out what happened, hence it is no longer opening.

Since the website couldn’t open, we cannot state as fact that they have been hacked, because the website being down could be caused by something else and just be a coincidence. However, we also recently received the following email from the attacker.

Screenshot that was circulating on WhatsApp earlier

===============================================

=             Last Life Hackers                                                 =

===============================================

*            RANSOMWARE LETTER                                       *

**************************************************************************

This is not a rape,

we are not molesting you,

we are not killing anyone,

we are not setting off bombs.

This is a ransom – and this is a targeted attack.

************************************************

We have shredded and deleted all your backups eliminating

all chances of recovery.

All of your sensitive files, databases and emails have been copied to

a remote server and all local copies have been encrypted using AES-256

and the originals deleted.

We encrypted 1.3TB of University data using salted AES-256 CBC, including emails dating back to 2013, all financial records, student aid records, the entire website and 56GB worth of MySQL databases. Daily incremental backups to a bastion server were misconfigured and have not for ages(wrong IP) hence all copies of backups which were on the same machine were destroyed.

AES is a symmetric encryption, meaning you will get all of your data back

if you use the same key used to encrypt the files.

We require that you pay USD$999 for the decryption key and instructions on how to recover all your data.

Send an email to onmylastlife@protonmail.com before the 27th of June 2017 or we will

delete the encryption key and terminate the email account. We will also disclose instructions on how

payment should be sent via Bitcoin.

If you contact ProtonMail resulting in the closure of the email address or fail to pay

the ransom by the 27th of June – all of your files will be lost and we will dump the decrypted 56GB gzipped database online.

 

Remember!, this is simply a ransom, not rape or murder.

Contact: onmylastlife@protonmail.com

Email header: H.I.T ransom settlement

Greetings!!!

***************************************************************************************

As a sign of good faith: Here is the password used to encrypt your 600GB email

backup:

To decrypt the email backup run:

ENC_PASSWORD="P09eJWHu0VjuH17dzXCPEuk5vmYZh+vbkPVDFd2+oRn6AEOpUPhSPCM3UjFgMBMq
gFmU4n7Wm6KDLSdZ9rH5eLa2OzuiPgwvTYaA2kMnJO9PKJUT8e6u3CQ+e2rRp5po
dg=="

cd /home/backup/

for f in $(find -type f \( -name "*.ransomed" \)); do echo "Decrypting $f … "; cat "$f" | openssl enc -d -aes-256-cbc -nosalt -pass "pass:$ENC_PASSWORD" | cat > "$f.orig" ; rm -f "$f"; done;

Sent with ProtonMail Secure Email.
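
The loop in the letter removes each .ransomed file whether or not openssl succeeded, so a wrong password or digest would destroy the only remaining copy. The following is an added example for responders, not part of the email or of the original article: it decrypts to a temporary file, keeps the ciphertext, and only publishes output when openssl exits cleanly. The function names and the MD variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not the command from the letter. It keeps every *.ransomed
# file and only publishes plaintext when openssl reports success.
# Assumptions: ENC_PASSWORD holds the supplied password; MD (optional) names
# the key-derivation digest, e.g. MD=md5 if the files were encrypted with an
# OpenSSL older than 1.1.0, whose default digest was MD5 rather than SHA-256.

# Decrypt one file to "<file>.orig". Runs in a subshell so variables stay local.
decrypt_one() (
    f=$1
    out="$f.orig"
    tmp="$f.partial.$$"
    [ -e "$out" ] && { echo "skip (exists): $out" >&2; exit 2; }
    export ENC_PASSWORD
    # env: keeps the password out of the process list, unlike "pass:...".
    if openssl enc -d -aes-256-cbc -nosalt ${MD:+-md "$MD"} \
           -pass env:ENC_PASSWORD -in "$f" -out "$tmp"
    then
        mv -- "$tmp" "$out"       # the ciphertext "$f" is left in place
    else
        rm -f -- "$tmp"           # drop partial output, keep the ciphertext
        exit 1
    fi
)

# Walk a directory and print one status line per file.
# Limitation: file names containing newlines are not handled.
decrypt_tree() {
    find "$1" -type f -name '*.ransomed' | while IFS= read -r f; do
        if decrypt_one "$f"; then echo "OK $f"; else echo "FAILED $f"; fi
    done
}
```

Run it against a forensic copy of the affected directory rather than the live system, and compare a sample of the .orig files with known-good data before relying on the rest.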

