UCL

Image copyright
Getty Images

Image caption

UCL says it faced a “widespread ransomware attack”

University College London, one of the world’s leading universities, has been hit by a major cyber-attack.

The university says that it is a “ransomware” attack which threatens to disrupt and damage information held on computer systems.

Access to online networks is still being limited, with the attack continuing on Thursday morning.

The university has warned staff and students of the risk of data loss and “very substantial disruption”.

University College London (UCL) is a “centre of excellence in cyber-security research”, a status awarded by the GCHQ intelligence and monitoring service.

The central London university, ranked last week in the world’s top 10, says that a “widespread ransomware attack” began on Wednesday, using so-called “phishing” emails sent to university addresses, with links that would download destructive software.

Ransomware attacks are where organisations are computer systems are locked and threatened with destructive software unless payments are made.

Students and staff were warned that “ransomware damages files on your computer and on shared drives where you save files” and were told not to open any suspicious attachments.

The university says that it believes the risk of further infection has been contained, but it is urging staff and students to help with efforts to reduce any “further spread of this malware”.

Universities, which often carry out commercially sensitive research, have become frequent targets for cyber-attacks.

“There’s a simple way to ruin a ransomware gang’s day, and that’s to have a secure back-up regime,” said security consultant Graham Cluley.

“Even if a strain of malware slips past your security layers, you should be able to recover – without paying the ransom – if you have a recent back-up that has not been compromised.”

He said this could more complicated in educational establishments which can have a “wide range of different users sharing computers”.

Last month, the National Health Service in England and Scotland was subject to a significant ransomware cyber-attack, as part of an attack on institutions in many countries around the world.