University College London (UCL) admitted in a status report published yesterday afternoon that it had succumbed to a ransomware infection that affected computers on its network.

The infection appears to have taken place yesterday afternoon after an employee or student visited a malicious website. A UCL spokesperson said antivirus systems did not pick up the ransomware in its incipient stages.

"The virus checkers did not show any suspicious activity and so this could be a zero-day attack," UCL said in a statement, though this claim should be treated with caution, as it has not been verified by a trained professional. "The malware payload then encrypted files on local drives and network shared drives," the university added.

UCL: It's not WannaCry

UCL did not say what ransomware variant infected its network but said today that it was not WannaCry. No Linux or Mac systems were affected.

What we know so far is that the ransomware is capable of spreading to shared drives. UCL's staff said they had to block access to two shared network drives to limit the ransomware's reach.

IT staff set the shared drives to read-only access, and they remained in that state today as UCL employees continued to battle the infection.

Backups are available

UCL says it takes backups of its data on shared drives every hour. "Once we are confident the infections have been contained, then we will restore the most recent backup of the file," a spokesperson said.

In the meantime, the University is advising staff and students to take great care when dealing with suspicious or unsolicited emails.

It is vital we all maintain a high level of vigilance when opening unexpected emails. If the email is unexpected or in any way suspicious then you must not open any attachment or follow any link in the email. Doing so may lead to loss of your data and very substantial disruption to the university.

At the time of writing, the University's staff were still trying to stop the ransomware from spreading in their network. UCL did not respond to a request for comment.

UPDATE: Ulster University, also in the UK, announced a similar ransomware infection that also took root yesterday afternoon. As at UCL, IT staffers blocked access to shared drives to protect data.