Ransomware attacks: Universities back online after 'zero-day' infections

Two universities have restored systems to normal following cyberattacks which may have been made more potent with the use of zero-day flaws.
Written by Danny Palmer, Senior Writer

The ransomware attack targeted UCL - one of the UK's most prestigious universities.


Computer systems have now been restored at two universities which were forced offline following ransomware attacks.

On Wednesday 14 June, both University College London and Ulster University were infected with ransomware in separate incidents.

Both universities have referred to the ransomware potentially exploiting a zero-day vulnerability, but it is currently unclear if there is a link between the two attacks or which family of ransomware caused the infections.

The incident response team at UCL - one of the UK's most prestigious universities - temporarily blocked access to shared and network drives to reduce further spread of the malware. Full access to the network drives was restored on Friday, but the shared drives remained read only.

In an update posted on Monday morning, UCL said that all shared drives were once again fully operational, but that all staff should remain vigilant to the possibility of another infection and should remain mindful of pop-ups, unusual emails or any other suspicious behaviour.

University staff believe the ransomware infiltrated the network via users visiting a compromised website, although phishing hasn't been entirely ruled out.

Whatever the attack method, it managed to bypass all antivirus software and its primary target was Windows systems - no Mac or Linux machines were infected.


Due to its close links with UCL, Barts Health NHS Trust briefly took some systems offline as a precaution -- just a month after it was badly hit by the WannaCry ransomware epidemic.

"We apologise for the inconvenience this ransomware attack has caused and we will review this incident to ensure any learning points are used to enhance our protection in future," UCL's Information Services Division (ISD) said in a statement.

UCL security staff have suggested the ransomware outbreak could have been the result of a zero-day attack, something which Ulster University has also suggested, citing consultation with its anti-virus supplier.

Access to Ulster University file shares was temporarily blocked in order to prevent further spread before being restored with limited read-only access on Thursday. As of Monday 19 June, all services have been restored.

"Additional scans this morning indicate that the current incident is under control and ISD have restored Write Access to the File Share System," Ulster ISD said in a statement.

Departments directly affected by the incident have had data restored from backups taken on Tuesday 13 June, the day before the ransomware attack.

These university ransomware attacks come a month after the WannaCry outbreak, which used worm-like features to infect hundreds of thousands of Windows PCs around the world.

The high-profile incident highlighted how easily ransomware can disrupt systems, and things are only likely to get worse before they get better.

