Technion – Israel Institute of Technology, one of the leading research universities in Israel, suffered a cyber attack from a new ransomware group known as DarkBit. The attackers have demanded a payment of 80 Bitcoin, roughly equivalent to $1.7 million, along with anti-Israel rhetoric and a protest against tech layoffs.

Technion Institute battles cyber attack

The Haifa-based academic institution has activated its incident response team to investigate the scope and cause of the attack. In a statement released in Hebrew, the university confirmed that it is under a cyber attack and is using its internal experts, as well as outside experts, to coordinate with relevant authorities. As a proactive measure, the Technion Institute has temporarily blocked all communication networks.

Despite the cyber attack, the university’s campus operations continue as normal, with the exception of postponed exams. The university has assured the students and staff that the work day will proceed as usual, and they will update with more information as it becomes available.

Who is DarkBit responsible for ransomware?

DarkBit is a new and unknown group that has popped up this week, with their whereabouts yet to be known. The group has dropped hints about their objectives in the ransom note, as well as on their Twitter and Telegram channels. DarkBit has a multi-faceted motive, with a stance against “racism, fascism, and apartheid,” and anti-Israel messages. The group has also expressed concern about tech layoffs and has called out companies for being careless when firing employees, especially highly skilled ones.

It is unclear if DarkBit is a threat actor, a disgruntled employee, or a pro-Palestinian activist, but the attack on Technion Institute appears to be the group’s way of taking revenge for layoffs that may have involved its members. The group has implied that laying off technical employees without proper due diligence could pose a threat to an organization’s security posture. Some laid off employees may have insider knowledge that allows them to access an organization’s computer networks, even after termination.

Cost of a ransomware attack: Ransom demands and stolen Data

DarkBit has threatened to impose a 30% penalty on top of the ransom demand if the university does not agree to pay. Additionally, the attackers have warned that they will put up any stolen data for sale after five days if the ransom is not paid.


The attack on Technion Institute by DarkBit highlights the importance of organizations taking proper measures to secure their computer networks. Laying off employees, especially technical ones, without proper due diligence could pose a threat to an organization’s security posture. Cybersecurity analysts are closely monitoring the situation and will provide updates as the development progresses.