Today, a screenshot showing the Harare Institute of Technology website as hacked started circulating on WhatsApp. We tried to open the website to see what was in the picture, but it failed to load. It may be that HIT took the website down after finding out what happened, which would explain why it no longer opens.
Since the website would not open, we cannot state as fact that they have been hacked: the website being down could have another cause and simply be a coincidence. However, we also recently received the following email from the attacker.

===============================================
= Last Life Hackers =
===============================================
* RANSOMWARE LETTER *
**************************************************************************
This is not a rape,
we are not molesting you,
we are not killing anyone,
we are not setting off bombs.
This is a ransom – and this is a targeted attack.
************************************************
We have shredded and deleted all your backups eliminating
all chances of recovery.
All of your sensitive files, databases and emails have been copied to
a remote server and all local copies have been encrypted using AES-256
and the originals deleted.
We encrypted 1.3TB of University data using salted AES-256 CBC, including emails dating back to 2013, all financial records, student aid records, the entire website and 56GB worth of MySQL databases. Daily incremental backups to a bastion server were misconfigured and have not for ages(wrong IP) hence all copies of backups which were on the same machine were destroyed.
AES is a symmetric encryption, meaning you will get all of your data back
if you use the same key used to encrypt the files.
We require that you pay USD$999 for the decryption key and instructions on how to recover all your data.
Send an email to onmylastlife@protonmail.com before the 27th of June 2017 or we will
delete the encryption key and terminate the email account. We will also disclose instructions on how
payment should be sent via Bitcoin.
If you contact ProtonMail resulting in the closure of the email address or fail to pay
the ransom by the 27th of June – all of your files will be lost and we will dump the decrypted 56GB gzipped database online.
Remember!, this is simply a ransom, not rape or murder.
Contact: onmylastlife@protonmail.com
Email header: H.I.T ransom settlement
Greetings!!!
***************************************************************************************
As a sign of good faith: Here is the password used to encrypt your 600GB email
backup:
To decrypt the email backup run:
ENC_PASSWORD="P09eJWHu0VjuH17dzXCPEuk5vmYZh+vbkPVDFd2+oRn6AEOpUPhSPCM3UjFgMBMq
gFmU4n7Wm6KDLSdZ9rH5eLa2OzuiPgwvTYaA2kMnJO9PKJUT8e6u3CQ+e2rRp5po
dg=="
cd /home/backup/
for f in $(find -type f \( -name "*.ransomed" \)); do echo "Decrypting $f … "; cat "$f" | openssl enc -d -aes-256-cbc -nosalt -pass "pass:$ENC_PASSWORD" | cat > "$f.orig" ; rm -f "$f"; done;
Sent with ProtonMail Secure Email.
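
The loop quoted in the email removes each .ransomed file whether or not openssl succeeded, and it splits filenames on whitespace. The following is an added example, not part of the email or of the original report: a non-destructive variant that writes to a separate directory and never touches the encrypted files. The cipher options and the .ransomed suffix are taken from the email; the function name safe_decrypt_tree and its two directory arguments are hypothetical.

```shell
#!/bin/sh
# Added example: non-destructive variant of the decryption loop in the email.
# From the email: -aes-256-cbc -nosalt, password-based key, ".ransomed" suffix.
# Hypothetical: the function name and the SRC_DIR / OUT_DIR arguments.

# safe_decrypt_tree SRC_DIR OUT_DIR
# Reads the password from $ENC_PASSWORD. Never modifies or deletes SRC_DIR.
# Returns 0 only if every *.ransomed file decrypted without an openssl error.
safe_decrypt_tree() {
    src=${1%/}
    out=${2%/}
    [ -n "${ENC_PASSWORD:-}" ] || { echo "ENC_PASSWORD is not set" >&2; return 2; }
    mkdir -p "$out" || return 2

    # find hands the paths to the inner script as arguments, so names with
    # spaces survive. "-pass env:" keeps the password out of the process
    # argument list, unlike "pass:...". find exits non-zero if any batch fails.
    SRC=$src OUT=$out ENC_PASSWORD=$ENC_PASSWORD \
    find "$src" -type f -name '*.ransomed' -exec sh -c '
        rc=0
        for f in "$@"; do
            rel=${f#"$SRC"/}
            dest="$OUT/${rel%.ransomed}"
            mkdir -p "$(dirname "$dest")"
            if openssl enc -d -aes-256-cbc -nosalt -pass env:ENC_PASSWORD \
                   -in "$f" -out "$dest.partial" 2>/dev/null; then
                mv "$dest.partial" "$dest"
            else
                # Wrong key or damaged ciphertext: discard the partial output
                # and leave the encrypted source in place for another attempt.
                rm -f "$dest.partial"
                echo "FAILED: $f" >&2
                rc=1
            fi
        done
        exit $rc
    ' sh {} +
}
```

A zero exit status only means the final CBC padding block was valid, so spot-check the recovered files (for example with `file` or `gzip -t`) before relying on them.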