The University of Rennes, a prominent institution in France with 32,000 students, has been the target of a cyberattack since March 8, 2025. The attack was claimed by Funksec, a ransomware group that has been gaining attention for its sophisticated and aggressive tactics. The hackers, identified by the ethical hacker SaxX, have threatened to release sensitive data stolen from the university. This includes 50 GB of files containing PDFs, CSVs, databases, Gmail addresses, phone numbers, invoices, passwords, and student information, although the University of Rennes has not yet confirmed these details.
The cyberattack appears to be contained within one of the university’s educational sub-networks, and the university quickly responded to limit the damage.
IT staff at the university made an initial diagnosis and took swift measures to mitigate the effects of the attack. Despite the breach, the university’s main network and services continued to function, minimizing disruptions to students and staff. However, the scope of the attack and the potential for further exposure of sensitive data remains a serious concern, as personal and institutional information could be compromised if the hackers’ threats are carried out.
Funksec, a cybercriminal group that emerged at the end of 2024, has developed a reputation for using double extortion tactics in its attacks.
Double extortion involves encrypting stolen data and demanding a ransom for its release, while also threatening to publish the data online if the ransom is not paid. This tactic has made the group notorious for targeting high-profile institutions, including governments and large corporations. The hackers set a deadline of March 19, 2025, for the University of Rennes to meet their demands. If the university fails to comply, Funksec has stated it will release the stolen data, which could have serious implications for the individuals whose personal details are involved.
This attack is part of a growing trend of cybercriminals targeting educational institutions, which often hold a wealth of sensitive information. Universities, like the University of Rennes, are attractive targets because they store large amounts of personal data, including academic records, medical information, and contact details. The increase in ransomware attacks on educational organizations highlights the vulnerabilities these institutions face in the digital age. As the deadline approaches, the University of Rennes is under pressure to secure its systems and prevent further data breaches, while also managing the fallout from the attack.
Reference: