Both universities have referred to the ransomware potentially exploiting a zero-day vulnerability, but it is currently unclear if there is a link between the two attacks or which family of ransomware caused the infections.
The incident response team at UCL - one of the UK's most prestigious universities - temporarily blocked access to shared and network drives to reduce further spread of the malware. Full access to the network drives was restored on Friday, but the shared drives remained read only.
But in an update posted on Monday morning, UCL has said that all shared drives were once again fully operational, but that all staff should remain vigilant to the possibility of another infection and should remain mindful of pop-ups, unusual emails or any other suspicious behaviour.
University staff believe the ransomware infiltrated the network via users visiting a compromised website, although phishing hasn't been entirely ruled out.
Whatever that attack method, it managed to bypass all antivirus software and its primary target was Windows systems - no Mac or Linux machines were infected.
"We apologise for the inconvenience this ransomware attack has caused and we will review this incident to ensure any learning points are used to enhance our protection in future," UCL's Information Services Division (ISD) said in a statement.
UCL Security staff have suggested the ransomware outbreak could have been as a result of a zero-day attack, something which Ulster University has also suggested, citing consultation with its anti-virus supplier.
Access to Ulster University file shares were temporarily blocked in order to prevent further spread before being restored with limited read-only access on Thursday. As of Monday 19 June, services all have been restored.
"Additional scans this morning indicate that the current incident is under control and ISD have restored Write Access to the File Share System," Ulster ISD said in a statement.
Departments directly affected by the incident have had data restored from backups taken on Tuesday 13 June, the day before the ransomware attack.
These university ransomware attacks come a month after the the WannaCry outbreak, which used worm-like features to infect hundreds of thousands of Windows PCs around the world.