[BreachExchange] Ruhr University Bochum (RUB) IT System Went Down Following Cyber Attack

Destry Winant destry at riskbasedsecurity.com
Wed May 20 10:25:29 EDT 2020


https://latesthackingnews.com/2020/05/14/ruhr-university-bochum-rub-it-system-went-down-following-cyber-attack/

As ransomware threat actors continue their activities even in these
testing times, they have now targeted the educational sector.
Reportedly, the Ruhr University Bochum (RUB), Germany, has suffered a
ransomware attack. Following the incident, the University shut down
its IT infrastructure.

Ruhr University Bochum Disclosed Cyber Attack

The Ruhr University Bochum (RUB) has shared detailed updates regarding
a cybersecurity incident that affected the facility recently.

As revealed, the University suffered a cyber attack between May 6,
2020, and May 7, 2020. Consequently, on the morning of May 7, 2020, a
large number of university systems became unavailable. The incident
barred University members from accessing the University's IT systems,
including Outlook and VPN. Moreover, they also could not access the
internal portal.

Upon noticing the problem, RUB’s IT Services started investigating.
Within a few hours of the initial disclosure, the University
confirmed a cyber attack on its systems.

Following the attack on RUB’s central IT infrastructure, the facility
shut down almost all of its IT services. However, it continued digital
teaching services such as RUB-Mail, Moodle, RUB-Cast, Zoom, and Matrix
(Riot).

In addition, due to the shutdown, reaching anyone via email also became
impossible. However, the Chancellor gave assurance that employees can
be reached via phone during office hours.

Ransomware Attack Suspected

In a recent press release, Ruhr University Bochum described the attack
as involving ‘encryption software’, which hints at a ransomware
attack.

"The computer attack with an encryption software has mainly affected
the university administration."

They further elaborated that the attack remained confined to the
university’s central servers and didn’t affect any external servers.
Hence, services like their learning platform Moodle, Sciebo, Zoom or
RUB-Cast remained unaffected during the incident.

By contrast, the University’s emails, Windows systems Exchange and
SharePoint were affected.

Although they haven’t explicitly mentioned anything about a ransom,
the involvement of encryption software points to a ransomware attack,
since encryption is a typical trait of such malware.

For now, the university continues with its investigations regarding the matter.

Earlier this year, a similar incident involving Maastricht University
also surfaced online. The University suffered a ransomware attack just
before Christmas.

