A leading UK university has warned staff and students that it will take weeks to recover from a recent ransomware incident, with a well-known threat group already posting stolen documents.
Newcastle University in the north-east of England is part of the elite Russell Group. It claimed to have been attacked on August 30 2020 with most university systems unavailable or restricted indefinitely.
“The nature of the problem means this is an on-going situation which we anticipate will take a number of weeks to address,” it said in an update on Monday. “We hope to have a better estimate at the end of this week.”
Still available to staff and students during this time are Office 365 including email, Office applications and Teams, Zoom, SAP core services and the Canvas virtual learning environment.
However, the university IT team (NUIT) also warned on Friday that services which are operating may need to be taken down without notice, that “colleagues may lose access to their IT accounts without notice and they may not be re-enabled quickly,” and that PCs, servers and other assets may need to be removed for investigation.
The attack happened at around the same time as Newcastle’s other higher education institution, Northumbria University, also suffered a ransomware outage.
They appear to have been timed to cause maximum damage as the universities prepare for the start of the new academic year — one in which online services will play a key part as remote students log-in to attend classes and receive assignments.
The bad news for Newcastle University is that the notorious DoppelPaymer group has begun posting documents it claims to have stolen from its servers to its dedicated “Doppel Leaks” site.
Previous victims of the group include Mexican petrochemical giant Pemex and SpaceX contractor Visser Precision.
According to Group-IB, DoppelPaymer ranks alongside Ryuk and REvil as one of the “greediest ransomware families with highest pay-off.”