Major 'zero-day' ransomware attack strikes UCL university campus

Services across one of the UK's top universities taken offline or restricted as staff look to contain the malware outbreak - and it isn't the only academic institution to be attacked with ransomware.
Written by Danny Palmer, Senior Writer


One of the most prestigious universities in the UK has been struck by a 'major ransomware attack', which bypassed antivirus software, leaving staff without access to files.

University College London (UCL) was attacked yesterday, with IT security staff stating it's possible malware entered the network via a phishing email, which was opened by several users across the university.
However, a later update from security personnel has also suggested the outbreak could've been caused by "users visiting a website that had been compromised rather than being spread via email attachments".

Once the ransomware was run, it encrypted files on both local and shared network drives, in what UCL believes could be a zero-day attack.

A day on and the university is still suffering the after-effects, with access to some systems still unavailable to staff and students, including, in some instances, the desktop@ucl remote access virtual desktop service, which is still running slowly.

The ransomware has only targeted Windows users, with no reports of the attack infecting Mac or Linux machines.

As a result of the incident, the UCL Information Services Division (ISD) temporarily blocked access to shared and network drives to reduce further spread, although users can now view files again in read-only mode.

The university has also warned personnel against opening attachments in an effort to avoid further infections.


"It is vital we all maintain a high level of vigilance when opening unexpected emails. If the email is unexpected or in any way suspicious then you must not open any attachment or follow any link in the email. Doing so may lead to loss of your data and very substantial disruption to the university," said ISD staff.

As of the morning of Thursday 15th June, the statement says that UCL "continues to be subject to a cyberattack", although action has been taken to prevent the spread of the malware.

ISD has apologised for the inconvenience to users but insists it is looking to eliminate the malware and restore services as soon as possible. In the meantime, it urges users to "be vigilant" when it comes to opening email attachments and to report unusual emails or irregular computer behaviour.

UPDATE: As of 15:00 on Wednesday 15th June, some of the university's systems remain offline.

Ulster University has also come under a ransomware attack. "The University is currently subject to a ransomware attack with significant number of file shares affected," the institution said in a statement.

The Ulster attack also took place on Wednesday and the information services department has temporarily blocked access to file-sharing to minimise the spread. The most recent backups were taken the day before the attack.

"We apologise for the obvious disruption this will cause however it is important that we reduce the impact of any potential damage as much as possible," said Ulster's information services division.

These ransomware attacks come one month on from the WannaCry outbreak, which used worm-like features to infect hundreds of thousands of Windows PCs around the world.

While the incident was very high profile, it's highlighted how easily ransomware can disrupt systems - and things are only likely to get worse before they get better.

