University College London (UCL) admitted in a status report published yesterday afternoon that it had succumbed to a ransomware infection that affected computers on its network.
The infection appears to have taken place yesterday afternoon after an employee or student visited a malicious website. A UCL spokesperson said antivirus systems did not pick up the ransomware in its incipient stages.
"The virus checkers did not show any suspicious activity and so this could be a zero-day attack," UCL said in a statement, although this claim should be taken with a grain of salt, as it has not been verified by a trained professional. "The malware payload then encrypted files on local drives and network shared drives," the university added.
UCL did not say what ransomware variant infected its network but said today that it was not WannaCry. No Linux or Mac systems were affected.
"No it's not wannacrypt as far as we know" — UCL ISD (@uclisd) June 14, 2017
What we know so far is that the ransomware is capable of spreading to shared drives. UCL's staff said they had to block access to two shared network drives to limit the ransomware's reach.
IT staff set the shared drives to read-only access, and they remained in that state today, as UCL employees continued to battle the infection.
UCL says it takes backups of its data on shared drives every hour. "Once we are confident the infections have been contained, then we will restore the most recent backup of the file," a spokesperson said.
In the meantime, the University is advising staff and students to take great care when dealing with suspicious or unsolicited emails.
At the time of writing, the University's staff were still trying to stop the ransomware from spreading in their network. UCL did not respond to a request for comment.
UPDATE: Ulster University, also in the UK, announced a similar ransomware infection that also took root yesterday afternoon. As at UCL, IT staffers blocked access to shared drives to protect data.