Newcastle University says it will take “several weeks” to recover from cyber attack

Newcastle University, in the North East of England, has suffered a cyber attack which has already caused several days of disruption to its IT services.

And, the university warns, it will “take several weeks” to get systems up and running again:

Our teams are working with a number of agencies to address the current issues and are taking further measures to secure the IT estate.

The nature of the problem means this will be an on-going situation for some time and it will take several weeks to address.

Please be aware:

* Many IT services are not operating and will remain that way for the duration.
* IT services that are operating may need to be taken down without notice.
* Colleagues may lose access to their IT accounts without notice and they may not be re-enabled quickly.
* NUIT may need access to any IT system you keep or use.
* We may need to remove PCs, servers or other devices if we find out they are impacted, in order to carry out detail investigations

Newcastle University doesn’t say as much, but it would be a brave person who would be prepared to bet that this was anything other than a ransomware attack.

If that’s the case then, depending on the family of ransomware responsible, the university’s IT team may not only be scrabbling to restore systems from secure backups (if they exist) but also facing the possibility that the hackers have exfiltrated sensitive data from compromised computer networks.

The police and Information Commissioner’s Office (ICO) have been informed about the security incident.

The announcement of the attack at Newcastle University follows hot on the heels of what sounds like a very similar attack at Northumbria University, which since the end of August has closed its Newcastle campus, and felt forced to reschedule exams, due to being “the victim of a cyber incident…which has caused significant operational disruption.”

It’s not been a great time for either university, with Newcastle University listed earlier this year amongst the countless victims of the disastrous Blackbaud data breach.

Whether either university was specifically targeted by hackers is unclear at this point, but educational establishments are frequently thought of as relatively easy-pickings for cybercriminals because of inadequate investment in cybersecurity, their open nature, and a rapid turnover of both staff and students.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon’s Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy.

Follow him on Twitter at @gcluley, or drop him an email.