Cyberattack Forces La Sapienza University Offline

Summary
– Rome’s La Sapienza University suffered a cyberattack that disrupted its IT systems and operations, leading to a precautionary network shutdown.
– The university, Europe’s largest by on-campus enrollment, formed a task force and is working with authorities to restore systems from backups.
– An Italian newspaper attributes the attack to a pro-Russian group using Rorschach ransomware, but the university has not officially confirmed details.
– A ransom note exists but hasn’t been opened to avoid starting a timer, and there is a significant risk of stolen data being leaked or sold.
– Students and staff are advised to be vigilant for phishing and monitor accounts as recovery efforts, including temporary information points, continue.

A major cyberattack has forced La Sapienza University in Rome, one of Europe’s largest educational institutions, to take its entire network offline. The precautionary shutdown was implemented to protect data integrity and security, causing widespread operational disruptions for its more than 112,500 enrolled students. The university first alerted the public to the incident through social media, confirming that its IT infrastructure was targeted and that a technical task force had been assembled to manage the response.
Authorities, including the Italian CSIRT, the National Cybersecurity Agency (ACN), and the Postal Police, have been notified and are collaborating with university technicians on remediation. Initial recovery efforts involve restoring systems from backups, which are reported to be unaffected. While the university’s official website remains inaccessible, temporary information points have been established to assist students during the outage, with status updates being provided via Instagram.
Although the university has not officially confirmed details, reports from Italian media suggest the incident is a ransomware attack carried out by a pro-Russian threat actor known as Femwar02. The malware’s characteristics reportedly align with the Bablock/Rorschach ransomware strain, a fast-encrypting variant that first emerged in 2023. Cybersecurity analysts believe this ransomware was developed using code from leaked sources of other notorious strains like Babuk, LockBit, and DarkSide.
Sources indicate a ransom demand exists, but university staff have deliberately avoided opening the note to prevent activating a potential 72-hour countdown timer, leaving the specific amount unknown. A significant concern is the potential for data theft, as the Rorschach ransomware does not typically operate a dedicated dark web leak site. This raises the risk that any stolen information could be sold or disseminated by other data extortion groups.
In light of these events, students and staff are advised to exercise heightened caution. Remaining vigilant against phishing attempts is critical; individuals should avoid clicking links in unsolicited emails or messages and closely monitor their accounts for any unusual activity. The collaboration with national cybersecurity experts aims to restore services securely while investigating the full scope of the breach.
(Source: Bleeping Computer)

