Security staff at the UCL Information Services Division (ISD) temporarily blocked access to shared and network drives to reduce further spread of the malware, which it's believed infiltrated the network via users visiting a compromised website. The attack also caused problems for the university's remote access virtual desktop service.
Now UCL users can access -- and alter -- files on the network drives, but the shared drives remain read only.
"We will reassess S drive access once we are confident that opening up the N drive again has not resulted in further infection or spread of the malware," said staff in an update, which detailed their continuing efforts to investigate the attack and restore services.
The attack managed to bypass all antivirus software and the ISD have suggested the incident could be a 'zero-day' attack. It has only targeted Windows users, with no reports of Mac or Linux machines being infected.
UCL's ISD has told staff and students to "remain vigilant to the possibility of another infection" and to be mindful of pop-ups, unusual emails or any other suspicious behaviour.
Due to its close links with UCL, Barts Health NHS Trust took some systems offline as a precaution. Now all essential systems are running but access to some external webmail remains blocked as a "precautionary measure" a Trust spokesperson told ZDNet.
Meanwhile, an incident response team at Ulster University is still investigating its ransomware attack, which has impacted a 'significant number' of file shares.
Currently, these services remain read-only in preparation for service restoration, which is expected to take during the afternoon on Friday 16th June.
"Please report any unusual emails received or any irregular behaviour of your computer to the Service Desk immediately," Ulster University ISD warns users.
There's no concrete evidence that the two university cyberattacks are related, but security experts have warned that the two incidents could be linked -- and there could be more to come.
"You don't have to be a detective to see the pattern there; somebody is deliberately targeting universities. There may be others out there that we don't yet know of, but either way, I would strongly advise all universities to be on high alert for the potential threat," said Fraser Kyne, EMEA CTO at Bromium.
These university ransomware attacks come a month after the the WannaCry outbreak, which used worm-like features to infect hundreds of thousands of Windows PCs around the world.