kaptn - Fotolia

University College London hit by ransomware attack

University restricts access to several IT systems and file shares to halt spread of malware

University College London (UCL) has urged students to treat suspicious-looking emails with caution following a ransomware attack that began to infect its IT systems on 14 June.

The university confirmed that the attack had damaged files stored on shared and personal drives, prompting it to restrict access to an unspecified number of IT systems to arrest the spread of the malware.

Some systems have been taken offline, while others have had their functionality scaled back, allowing users to access their files, but make no changes to them.

In a statement, the university said the measure had allowed it to “contain the risk of further infection”, as it set about trying to identify the source of it.

“We must continue to be vigilant,” the statement said. “If any email is unexpected or in any way suspicious, then you must not open any attachment or follow any link in the email.

“Doing so may lead to loss of your data and very substantial disruption to the university.”

The statement goes on to say that the affected systems will only be reinstated or return to full functionality once the university’s critical incident team is confident that the risk of it spreading further has been eradicated.

“We apologise for the obvious impact this will have across the university, but it is important that we act quickly to reduce the further spread of this malware,” the statement said.

Read more about ransomware

UCL went public with details of the attack on the afternoon of Wednesday 14 June, and issued a statement warning students not to open any email attachments until further notice.  

At the time of writing, the university had stopped short of publishing precise details about the ransomware, in terms of what demands the perpetrators may have issued to restore access to people’s data, for example.

However, the organisation has told followers of its Twitter social media account that the ransomware is unrelated to the WannaCry attack that blighted the NHS and other commercial organisations several weeks ago.

Read more on Antivirus, firewall and IDS products