UNIVERSITY COLLEGE LONDON (UCL) has been whacked by a "major" ransomware attack that has encrypted files belonging to its students.
UCL has put out a notice warning that the attack, which affected its Windows machines only, was likely spread via a phishing email. It goes on to claim that the ransomware may even have involved a zero-day threat because of how it managed to bypass the university's existing security controls.
It is warning students to "maintain a high level of vigilance when opening unexpected emails," as opening them "may lead to loss of your data and very substantial disruption to the university.
"Currently it appears the initial attack was through a phishing email although this needs to be confirmed," UCL said in a statement.
"It appears the phishing email was opened by some users around lunchtime today. The malware payload then encrypted files on local drives and network shared drives. The virus checkers did not show any suspicious activity and so this could be a zero-day attack."
As a result of the attack, UCL has blocked access local drives and network shared drives. It also temporarily took its [email protected] and Desktop Anywhere services offline but says that these are now back up and running, albeit slowly.
"We take snapshot backups of all our shared drives and this should protect most data even if it has been encrypted by the malware," UCL added. Once we are confident the infections have been contained, then we will restore the most recent backup of the file. Backups are taken every hour."
UCL has said it will put out a further update later on Thursday.
Commenting on the attack, Thomas Fischer, threat researcher and security advocate at Digital Guardian, said that universities have become an "easy target" for ransomware attacks.
"One of the reasons for this is their open culture and complex user environment. There are large numbers of unmanaged and unsecured smartphones and devices, in the hands of young people who are generally unaware of what a phishing email or web-based threat looks like," he said.
"This - combined with a reluctance to invest in cyber security tools and typically overworked and underfunded IT departments - leads to an environment in which ransomware attacks can and have flourished."
More wise words from Mountain View
Firm failed to say that launch prices were only an 'introductory offer'
We think we all have an airbag problem
Give us a break