Newcastle University says it may take weeks to recover from ransomware attack

Newcastle University said it may take weeks to recover from a ransomware attack that disrupted operations on 30th August after hacker group DoppelPaymer claimed responsibility for the attack.

A few days ago, Newcastle University confirmed it had suffered a ransomware attack that caused operational disruptions across its IT networks and systems. The cyber attack affected all university systems with the exception of those listed in the communications (Office365 – including email and Teams, Canvas, and Zoom).

The university also said its online payments portal was not affected by the ransomware attack as the portal is managed off-site by a third-party payment services provider and is not hosted on Newcastle University servers.

The university added that because of the ransomware attack, access to study materials for on-campus and on-line induction and on-line teaching may not be available and the university is developing new materials to ensure students can access them by the time the new semester starts.

"The investigation into the incident is still at an early stage. IT colleagues continue to work hard on the systems recovery plan, and to support the Police and the National Crime Agency with their enquiries. Please be assured we take the security of our systems extremely seriously and we were able to respond quickly to this incident. This is now the subject of a Police investigation and our team in NUIT is working extremely hard with a number of agencies to address the issue.

"The nature of the problem means this is an on-going situation which we anticipate will take a number of weeks to address. We are working through recommendations from both our internal support teams and third parties. It is possible we will need to reset all NU user accounts but we will let you know when this needs to happen. Please do not do this until we notify you," the university added.

Hacker group DoppelPaymer claims responsibility for the attack

On Monday, hacker group DoppelPaymer, best known for targeting the networks of defence contractors with ransomware attacks, claimed on Twitter that it had hacked the network of Newcastle University and gained access to the personal data of staff and students.

"Dear students of the New Castle University Congratulations with an upcoming release of your personal data. What a great start of a new educational year," the group said via a Twitter post.

Commenting on the cyber attack suffered by Newcastle University, Kelvin Murray, Senior Threat Research Analyst at Webroot, said that British colleges are a constant target for malicious actors. BEC scams, ransomware, disruptive attacks such as DDoS, and research theft have all been factors in the wave of attacks we have seen over the last few years.

"In general, colleges and educational institutions are a common target for criminals, considering they are usually large sprawling organisations that are hard to administrate and secure. The service they provide is critical, which makes any downtime valuable. Most of the time, the precious data is on individual students’ laptops/desktops as well as university servers, and the monitoring of access and the massive challenge of stolen credentials pose real difficulties for IT departments.

"Therefore, to get to grips with the subject of cybersecurity, institutions need to engage cyber-resilience plans to protect their IT infrastructure and data regardless of the crisis. IT teams must properly audit all machines connected to their networks and the data they hold.

"Security awareness training should be implemented for staff and students from day one, ensuring that they are vigilant in scrutinising the types of emails they receive. This should be underpinned by cybersecurity technology such as email filtering, anti-virus protection, and sensible password policies," he added.

Read More: DoppelPaymer ransomware attack cripples NASA contractor’s network

MORE ABOUT: