University ransomware attacks: services remain disrupted, warnings over further attacks

University College London and Ulster University are still dealing with the aftermath of ransomware attacks, which could be linked according to security experts.
Written by Danny Palmer, Senior Writer

UCL, one of the most prestigious universities in the UK, has suffered a ransomware attack, along with Ulster University.

Image: UCL

Computer systems at two universities are yet to be fully restored following ransomware attacks that struck them over 48 hours ago.

On Wednesday 14th June, University College London and Ulster University both came under attack from ransomware.

Security staff at the UCL Information Services Division (ISD) temporarily blocked access to shared and network drives to reduce further spread of the malware, which it's believed infiltrated the network via users visiting a compromised website. The attack also caused problems for the university's remote access virtual desktop service.

Now UCL users can access -- and alter -- files on the network drives, but the shared drives remain read only.

"We will reassess S drive access once we are confident that opening up the N drive again has not resulted in further infection or spread of the malware," said staff in an update, which detailed their continuing efforts to investigate the attack and restore services.

The attack managed to bypass all antivirus software and the ISD have suggested the incident could be a 'zero-day' attack. It has only targeted Windows users, with no reports of Mac or Linux machines being infected.

UCL's ISD has told staff and students to "remain vigilant to the possibility of another infection" and to be mindful of pop-ups, unusual emails or any other suspicious behaviour.

Due to its close links with UCL, Barts Health NHS Trust took some systems offline as a precaution. Now all essential systems are running but access to some external webmail remains blocked as a "precautionary measure" a Trust spokesperson told ZDNet.

The precautions by Barts NHS Trust -- the largest hospital group in the UK -- comes after it was hit hard by last month's WannaCry epidemic.

See also: 3 best practices for protecting yourself from WannaCry and other ransomware attacks | Ransomware: An executive guide to one of the biggest menaces on the web

Meanwhile, an incident response team at Ulster University is still investigating its ransomware attack, which has impacted a 'significant number' of file shares.

Currently, these services remain read-only in preparation for service restoration, which is expected to take during the afternoon on Friday 16th June.

"Please report any unusual emails received or any irregular behaviour of your computer to the Service Desk immediately," Ulster University ISD warns users.

There's no concrete evidence that the two university cyberattacks are related, but security experts have warned that the two incidents could be linked -- and there could be more to come.

"You don't have to be a detective to see the pattern there; somebody is deliberately targeting universities. There may be others out there that we don't yet know of, but either way, I would strongly advise all universities to be on high alert for the potential threat," said Fraser Kyne, EMEA CTO at Bromium.

These university ransomware attacks come a month after the the WannaCry outbreak, which used worm-like features to infect hundreds of thousands of Windows PCs around the world.

The high-profile incident highlighted how easily ransomware can disrupt systems, and things are only likely to get worse before they get better.


Editorial standards