The malware made its way onto the university's network on June 14 through a phishing email and started to spread, infecting user accounts and shared drives. The university's systems were not alerted to any viruses or suspicious activity, suggesting that this could be a zero-day attack.
The information security team disabled a number of drives to try to stem the spread of the malware and, the department declared, “UCL's Information Security team is actively working with the affected users to identify the source of the infection and to quarantine their machines and file-stores.”
The affected drives have since been made read-only and some system storage has been taken offline.
As of 8 am, the department said, “UCL continues to be subject to a cyber-attack although we have taken action to stop the spread of the malware.”
“UCL appears to be running ‘naked’ Office 365 for its email security gateway. This is a case in point for why all organizations need to ask if they are happy to trade defense-in-depth strategies for single vendor reliance when moving to the cloud,” Steve Malone, Mimecast's director of product management, told SC Media, adding, “On a positive note it's good to see they have regular backups in place to protect student data but a true cyber resilience approach would minimize disruption during the attack.”
The University has warned users not to open any attachments or links within suspicious emails and to report them.
University College London Hospitals have also closed their email servers in a bid to protect themselves from a ransomware infection. So have Barts Health NHS Trust and East and North Herts NHS Trust. A large ransomware campaign last month infected dozens of NHS trusts and paralysed services.
Universities “have the worst of both worlds,” Vince Warrington, founder of Protective Intelligence Ltd, told SC Media UK. “They're not like normal businesses where you have a lot of control over what people access.”
Firstly, universities are often treasure troves of valuable information and private research. Faculty will often have particular computing demands, or run pieces of software that only run on particular operating systems. On top of that, added Warrington, you've got a whole student body who will expect an internet surfing experience identical to the one they have at home: “It's very difficult to bolt it down - I'd be amazed to find a UK university which could completely filter out pornography.”
It's an unenviable position: “You've got research which people would be interested in getting hold of and you're a multi-million-pound business as well and you're also having to provide thousands of students with free internet access and allow them to do whatever they want.”