University College London (UCL), ranked seventh in the most recent QS World University Rankings, was hit by a major cyber-attack on Wednesday lasting over 24 hours.
UCL first reported problems at 5pm London time on Wednesday afternoon.
The university described the incident as a “ransomware infection,” which brought down its shared drives and student management system.
The university warned staff and students that there was a risk of data loss and “very substantial disruption” as soon as the attack was reported.
Despite the institution’s status as a “centre of excellence in cyber-security research”, according to the GCHQ intelligence and monitoring service, cyber criminals were still able to hack UCL’s internal systems.
The central London university said that the hackers sent “phishing” emails including download links to destructive software.
The cyber attack is “largely under control now,” a UCL spokeswoman told Verdict.
Last month, the NHS was the target of a massive ransomware cyber-attack, affecting about 40 NHS organisations and some GP practices across the UK.
NHS Digital, which offers guidance to help health and social care organisations respond to cyber security threats, said in a statement immediately after the incident:
Our focus is on supporting organisations to manage the incident swiftly and decisively, but we will continue to communicate with NHS colleagues and will share more information as it becomes available.
Due to its close links with University College London Hospital (UCLH), Barts Health NHS Trust, the largest NHS trust in the UK, closed its mail server in response to Wednesday’s attack on UCL.
A spokesperson told The Guardian the trust:
The State of Technology This Week
Temporarily shut emails down to make sure nothing spread.
Security consultant Graham Cluley said that the most effective way of mitigating the negative consequences of a ransomware attack is to adopt a “secure back-up regime”.
“There’s a simple way to ruin a ransomware gang’s day, and that’s to have a secure back-up regime,” Cluley told the BBC. “Even if a strain of malware slips past your security layers, you should be able to recover – without paying the ransom – if you have a recent back-up that has not been compromised.