Hacker attack on La Sapienza University of Rome, Infostud platform offline: what is BabLock ransomware

A hacker attack hit the University of Rome “La Sapienza”. According to available information, it was caused by the BabLock ransomware, which according to several analysts could be attributable to a group of pro-Russian cybercriminals. The cyber attack occurred on February 2nd: today, February 5th, the 72 hours given by the hackers to pay the ransom (which generally involves payment in bitcoin) expire; otherwise, all University data risks being permanently deleted.

The National Cybersecurity Agency (ACN) is also working to support the university technicians, who took the website and the Infostud platform offline, with the aim of gradually making the now compromised services accessible again. In the last few hours, among other things, news has begun to spread about Sapienza degree diplomas for sale on the dark web: in reality, the two events are not related to each other, given that the platform on which the fake degrees are for sale also offers options for universities around the world, such as Harvard and Stanford.

What happened with the hacker attack on the Sapienza University of Rome

According to initial hypotheses, the hackers are thought to have exploited technical flaws in the infrastructure or security network, probably entering via the mailbox of a system administrator: in the last few hours the University technicians have been at work, supported by the Cyber Security Unit of the National Cybersecurity Agency (ACN) and by the Postal Police.

The amount of the ransom was not disclosed by the University, although for this type of attack the ransoms can amount to up to one million euros, usually requested in cryptocurrencies. If the hackers are not stopped promptly, the data of the University and all its students could be deleted, encrypted or exposed online. Clearly, experts advise against paying these large sums, as payment does not guarantee full recovery of the data and, on the contrary, could entice criminals to request additional money.

What is the BabLock ransomware used against the University

In general, ransomware is a particular type of malware that blocks access to a victim’s data through complex encryption, making files unusable until a ransom is paid: hence the name “ransom”.

The ransomware used in this case appears to be BabLock, attributed by several analysts to pro-Russian cybercriminal groups given that they generally do not attack infrastructures of Russian origin. At the moment, however, no criminal group has officially claimed responsibility for the hacker attack and the signature that was used, Femwar02, is unknown.

The situation now and what the University is doing to defend itself

According to what was reported by sources close to the University, all the computers in the administrative area were encrypted, forcing the University to use exclusively paper documents when possible.

At the moment, the objective of Sapienza technicians is to isolate the threat and gradually restore all digital services: for security reasons, the university website and the Infostud platform have also been temporarily taken offline. It must be said, however, that the University should have backups disconnected from the Internet, which is allowing experts to clean up infected systems and recover data without having to pay the ransom.

On its social profiles, La Sapienza University also communicated the establishment of a dense network of Infopoints in the various departments, dedicated to providing information regarding the management of exams: the hacker attack, in fact, also blocked all digital procedures for registering and recording university exams, as well as the payment of university fees and the online completion of any required form.

In the latest updates, it has been confirmed that the exams will take place regularly, while the deadlines for paying the second installment and for degree applications will be postponed; some communication channels, including e-mail, however, remain partially limited.