Italian university La Sapienza goes offline after cyberattack


Rome’s “La Sapienza” university has been targeted by a cyberattack that impacted its IT systems and caused widespread operational disruptions at the educational institute.

The university first disclosed the incident in a social media post earlier this week, saying that its IT infrastructure “has been the target of a cyberattack.”

“As a precautionary measure, and in order to ensure the integrity and security of data, an immediate shutdown of network systems has been ordered,” the organization said.

Original statement about the cyberattack
Source: BleepingComputer

The university, which is Europe’s largest by number of on-campus students, with over 112,500 enrolled, notified the authorities of the incident and formed a technical task force to initiate remediation and restoration procedures.

As of writing, the university’s website remains offline, and new status updates published on Instagram reflect a continued effort to recover from the cyberattack.

As of yesterday’s announcement, temporary “infopoints” have been set up to provide students with information normally accessible through digital systems and databases that are currently unavailable.

Although the university has not disclosed much information about the attack type or the perpetrators, Italian newspaper Corriere Della Sera claims that the incident is a ransomware attack perpetrated by a pro-Russian threat actor called Femwar02 and that it resulted in data encryption.

The outlet's report is based on malware characteristics and operational patterns that are similar to those of the Bablock/Rorschach ransomware.

This is a ransomware strain that first appeared in 2023, featuring fast encryption speeds and extensive customization options. Cybersecurity company Check Point estimated that it was a project built from bits of the leaked sources of Babuk, LockBit v2.0, and DarkSide.

According to Corriere Della Sera’s sources, a ransom demand exists, but university staff have not opened it to avoid triggering the 72-hour timer. Hence, the ransom amount hasn’t been specified.

Currently, the university’s technicians are working together with Italian CSIRT and specialists from Agenzia per la Cybersicurezza Nazionale (ACN) and the Polizia Postale to restore the systems from backups, which have reportedly not been impacted.

Although Rorschach does not operate an extortion portal on the dark web, stolen data could be disseminated or sold to data extortion groups, so the risk of it ending up online remains significant.

Given the situation, students and staff at Sapienza University of Rome should remain on high alert for phishing attacks, avoid clicking links in unsolicited communications, and monitor accounts for suspicious activity.
