A hacker attack it hit the University of Rome “La Sapienza”. According to the information available, it was caused by BabLock ransomwarewhich according to several analysts could be attributable to a group of pro-Russian cybercriminals. The cyber attack took place on 2 February: today, 5 February, the 72 hours provided by the hackers to pay the ransom (which generally involves payment in bitcoin) expire, otherwise all the University’s data is at risk to be permanently cancelled.
In support of the university technicians, who took the website and the website offline Infostud platformis also working onNational Cybersecurity Agency (ACN), with the aim of gradually making the services now compromised accessible. In the last few hours, among other things, news about Sapienza degree diplomas has begun to spread for sale on the dark web: in reality, the two events are not related to each other, given that the platform on which the fake degrees are for sale also offers options for global universities, such as Harvard And Stanford.
What happened with the hacker attack on the Sapienza University of Rome
According to initial hypotheses, the hackers would have exploited some technical flaws in the infrastructure or security networkprobably entering via the mailbox of a system administrator: in the last few hours the University technicians have been at work supported by the Cyber Security Unit of the National Agency for Cybersecurity (ANC) and by the Postal Police.
The amount of the ransom was not disclosed by the University, although for these types of attacks i ransoms they can reach an amount up to one million eurosusually required in cryptocurrencies. If the hackers are not blocked promptly, the data of the University and all its students could be deleted, encrypted or exposed online. Clearly, experts advise against paying these large sums, as they do not guarantee the certainty of fully recovering the data and, on the contrary, could entice criminals to request additional money.
What is the BabLock ransomware used against the University
In general, ransomware is a particular type of malware that blocks access to data of a victim through a complex encryptionmaking i unusable files until a ransom is paid: hence the name “ransom”.
The ransomware used is in this case it would appear to be BabLockattributed by several analysts to pro-Russian cybercriminal groups given that they generally do not attack infrastructure of Russian origin. At the moment, however, no criminal group officially claimed thehacker attack and the signature that was used, Femware2is unknown.
The situation now and what the University is doing to defend itself
According to what was reported by sources close to the University, all the computers in the administrative area were encrypted, forcing the University to use exclusively paper documents when possible.
At the moment, the objective of the Sapienza technicians is to isolate the threat And gradually restore all digital services: for security reasons, also the university website and the Infostud platform have been taken offline temporarily. It must be said, however, that the University should have backups disconnected from the Internetwhich is allowing experts to clean up infected systems and recover data without having to pay the ransom.
On its social profiles, La Sapienza University also communicated the establishment of a dense network of Infopoints in the various departments, dedicated to providing information regarding the management of exams: the hacker attack, in fact, has blocked all too digital procedures for registration and verbalization of the exams universities, as well as the payment of taxes university students and completing any required forms online.
In the latest updates, it has been confirmed that the exams will take place regularlywhile the deadlines for payment of the second installment and for degree applications will be postponed: some communication channels, including the emailhowever, remain partially limited.
