University College London (UCL) was hit by a major ransomware attack on June 15, with the infection reaching personal and shared drives on the network.
UCL admins explained in updates posted on the official website that the infection was most likely made possible by a zero-day, pointing out that antivirus systems failed to detect any threat.
“Our antivirus software is up to date and we are working with anti-virus suppliers to pass on details of the infection so that they are aware of the incident. We cannot currently confirm the ransomware that was deployed,” one of the updates reads.
On the other hand, in a message posted on Twitter, UCL says that the infection is not WannaCry, the ransomware that hit Windows systems last month by exploiting an SMB vulnerability that Microsoft patched in March. Outdated systems were all vulnerable.
UCL said backups were being restored, and this morning a new statement confirmed that some of the drives infected by the ransomware had been cleaned, with write access to be restored as soon as possible.
Zero-day attack via compromised website
As for how the ransomware reached the network, nothing is confirmed so far, but UCL says that the zero-day attack occurred through a compromised website that was accessed by one of the computers in the university’s network.
“We are continuing to investigate the infection that is affecting UCL users. Our current hypothesis is that the malware infection occurred through users visiting a website that had been compromised rather than being spread via email attachments. However this remains unconfirmed at the moment,” UCL pointed out.