The University of Pisa in Italy is allegedly being held to ransom for $4.5 million, according to Cybersecurity360 and other European news sources.


BlackCat, or ALPHV, a Ransomware as a Service (RaaS) group, has claimed responsibility for the cyberattack and issued a ransom note, stating that the University has until June 16th to pay the ransom. The threat actor says the ransom will increase to $5 million if payment is not received.


Cybersecurity360 shared a screenshot of the alleged ransom note, counting down the minutes until the price increases. 


Recent Microsoft research says the threat actor is a prime example of the growing RaaS gig economy and is noteworthy due to its unconventional programming language (Rust). Using a "modern language for its payload," this ransomware attempts to evade detection, especially by conventional security solutions. 


While BlackCat's arrival and execution vary based on the actors deploying it, the outcome is the same — target data is encrypted, exfiltrated, and used for 'double extortion,' where attackers threaten to release the stolen data to the public if the ransom isn't paid, Microsoft says.


According to Chris Olson, CEO of The Media Trust, the University of Pisa attack follows a trend of ransomware actors targeting universities and schools, possibly because they assume these institutions are well-funded and eager to resume operations. "As cyber threats encroach on critical infrastructure and vulnerable institutions, it's more important than ever for today's businesses to understand how ransomware actors compromise their systems, from reconnaissance to execution," Olson says. "This includes digital attack surfaces like web and mobile devices, where many ransomware incidents begin."