ANU Enterprise
Summary
ANU Enterprise (ANUE), a wholly-owned subsidiary of the Australian National University, confirmed a ransomware attack on October 31, 2024 after being listed on the ThreeAM ransomware gang's dark web leak site. The incident resulted in encryption and exfiltration of files from ANUE's IT systems.
Attack Vector
The ThreeAM ransomware group, a relatively new operation distinguished by its use of the Rust programming language, breached ANU Enterprise systems and encrypted files while exfiltrating data. ThreeAM ransomware appends the extension .threeamtime to encrypted files. The use of Rust enhances the malware's performance and complicates analysis by security researchers.
Consumer Impact
The attack affected ANU Enterprise, which is dedicated to enhancing the impact of ANU's research through consulting, contract research, and executive education initiatives. While the threat actor indicated that 0 percent of allegedly exfiltrated data had been published at the time of disclosure, the encryption and theft of files from the subsidiary's IT systems posed risks to research partnerships and consulting engagements.
Response
ANU Enterprise confirmed the ransomware incident on November 5, 2024. In conjunction with the ANU Information Security Office, the organization is actively reviewing the incident to recommend additional information security measures for future implementation. The response demonstrates coordination between the subsidiary and the parent university's security resources.