One of the most prestigious universities in the UK has been struck by a ‘major ransomware attack’, which bypassed antivirus software, leaving staff without access to files.
University College London (UCL) was attacked yesterday, with IT security staff stating the malware entered the network via a phishing email, which was opened by several users across the university. Once the ransomware was run, it encrypted files on both local and shared network drives, in what UCL believes could be a zero-day attack.
A day on and the university is still suffering the after-effects, with access to some systems still unavailable to staff and students, including, in some instances, the desktop@ucl remote access virtual desktop service, which is still running slowly.
The ransomware has only targeted Windows users, with no reports of the attack infecting Mac or Linux machines.
As a result of the incident, the UCL Information Services Division (ISD) temporarily blocked access to shared and network drives to reduce further spread, although users can now view files again in read-only mode.
The university has also warned personnel against opening attachments in an effort to avoid further infections.
“It is vital we all maintain a high level of vigilance when opening unexpected emails. If the email is unexpected or in any way suspicious then you must not open any attachment or follow any link in the email. Doing so may lead to loss of your data and very substantial disruption to the university,” said ISD staff.
As of the morning of Wednesday 15th June, the statement says that UCL “continues to be subject to a cyberattack”, although action has been taken to prevent the spread of the malware.
ISD has apologised for the inconvenience to users but insists it is looking to eliminate the malware and restore services as soon as possible. In the meantime, it urges users to “be vigilant” when it comes to opening email attachments and to report unusual emails or irregular computer behaviour.
The university’s critical incident team says it’ll review the situation later today
This zero-day ransomware attack comes one month on from the WannaCry outbreak, which used worm like features to infect hundreds of thousands of Windows PCs around the world.
While the incident was very high profile, it’s highlighted how easily ransomware can disrupt systems – and things are only likely to get worse before they get better.