University warns that 'serious cyber incident' could take weeks to fix

A ransomware gang has claimed responsibility, while the university says the attack will take several weeks to resolve.
Written by Danny Palmer, Senior Writer

Newcastle University has been hit by a cyberattack that it says will take weeks to fix – and while the institution hasn't confirmed the nature of the incident, a ransomware gang is threatening online to leak the personal data of students.

The university first started reporting issues with IT systems on September 1, which has since led to almost all university systems used by students and staff becoming restricted or unavailable in an effort to stop further disruption by the attack.

"It is essential that our IT estate is free from any malware and secure before we start the recovery process," said an update by the university on September 2.

The type of malware that has infected the systems hasn't been disclosed by the university, but cyber criminals have claimed responsibility for a ransomware attack against the university – and they're threatening to release the personal data of students.

The DoppelPaymer ransomware gang has become known for demanding large Bitcoin ransoms from victims and has in the past posted personal data stolen from systems before they were encrypted in an effort to force victims into paying up. DoppelPaymer is thought to be an updated version of BitPaymer ransomware.

However, the university is yet to confirm if it has fallen victim to a ransomware attack, let alone the specifics of the ransomware family that has potentially compromised its systems. It has only said that "investigations are ongoing" into the cyberattack and that "many IT services are not operating".

ZDNet has attempted to confirm the nature of the attack, but at the time of publication is yet to receive comment from the university.

In a FAQ about the incident published online, Newcastle says the nature of the problem means it'll take "several weeks" for services to return to normal – something that could potentially disrupt the start of the new term for both staff and students. New students are due to arrive on 28 September, with existing students set to return after that.

In answer to the question "Is my personal data compromised?", the FAQ says: "The investigation into the incident is still at an early stage. IT colleagues continue to work hard on the systems recovery plan, and to support the Police and the National Crime Agency with their enquiries.

"Please be assured we take the security of our systems extremely seriously and we were able to respond quickly to this incident. This is now the subject of a Police investigation and our team in NUIT is working extremely hard with a number of agencies to address the issue," the statement adds.

The incident has been reported to the Information Commissioner's Office and the UK's National Cyber Security Centre (NCSC) has also been informed.

"We are aware of an incident affecting Newcastle University and are providing support," an NCSC spokesperson told ZDNet. "The NCSC works closely with the academic sector to improve its security practices and help protect academic establishments from threats."

Ransomware continues to plague organisations around the world and it has become the quickest and easiest way for cyber criminals to make money from compromising entire networks. Crooks can potentially make millions from a single ransomware campaign and the nature of ransomware attacks means that they're often difficult to trace back to the attackers, so cyber criminals don't get caught.

