Ruhr University Bochum shuts down main servers after cyberattack
The Ruhr University Bochum (RUB), Ruhr-Universität Bochum in German, announced today that it was forced to shut down large parts of its central IT infrastructure, also including the backup systems, due to a cyberattack that took place overnight, between May 6 and May 7.
RUB is a German university from the central Ruhr area in Bochum with over 42,900 students and 5,800 employees, placed in the top 500 universities in the world by four ranking tables in the last two years.
"Due to significant technical problems in the IT infrastructure, a large number of systems have not been available since around 8 a.m. on Thursday, May 7, 2020," the university announced this morning.
"As a result, all RUB members, for example, have no access to the Outlook mail program and the VPN tunnel, which is necessary to access folders from the home office. The internal service portal cannot be selected either."
At 10:35AM, RUB said in an update that its systems were affected by a cyberattack that targeted the university's central IT infrastructure and prompted the shutdown of a large part of the IT infrastructure.
"As the overall situation is still unclear, IT Services recommends shutting down all connected Windows-based server systems in the faculties as well," RUB added.
"The type of attack is currently being analyzed," the university later detailed in a press release issued at 2:40 PM. "As an immediate measure, all central servers and backup systems that could be affected were shut down."
RUB students and employees are advised to limit the usage of Windows-based applications to the most necessary communication processes, not to open any email attachments, and to send documents that need to be shared as PDFs.
The university also said that its administration systems are currently unavailable, as are e-mail services via the Exchange system.
RUB-Mail, Moodle, Rub-Cast, Zoom, and Matrix (Riot) are still available, and RUB's IT staff says that they shouldn't be impacted by the cyberattack.
It is considered very unlikely that these applications will be affected by the attack or that there could be a danger. The use of these systems is therefore permitted, in particular to maintain the operation of digital teaching. Digital teaching is therefore currently possible without restrictions via these systems. - RUB
RUB's IT services helped by an external team of security experts are currently analyzing the type and extent of the damage caused by the overnight cyberattack.
They are also trying to establish a future course of action and will be sharing additional information regarding the attack and recommendations as soon as more details are discovered.
University of Duisburg-Essen (UDE) also issued a security advisory reminding their own employees and students to be careful while exchanging data over shared platforms and to be suspicious of any unexpected emails.
UDE also warned that "[d]ue to the close cooperation of our universities, there are many interfaces through which an infection could spread."
It is currently unknown if any data belonging to students, employees, or researchers was accessed or exfiltrated during the attack, or if any of the systems were infected with a malware strain.
Last year, Maastricht University (UM) announced that 1,647 Linux and Windows servers, as well as 7,307 workstations, were encrypted by attackers after deploying a Clop ransomware payload following an attack that took place on December 23.
During February, UM disclosed that it paid the 30 bitcoin ransom requested by the attackers to restore all the encrypted files, attackers which were later identified by Fox-IT as the financially motivated TA505 hacker group.
H/T Günter Born
Gloss