Information Services are aware of a ransomware attack which has caused disruption at University College London. As a result of the ransomware infection they have had to remove access to personal and shared network drives, although these have now been returned to service in a limited, read-only manner. Due to this network drive restriction, some other UCL systems are also unavailable. Investigation of the incident is ongoing, but it is believed that the ransomware infection may have arrived at UCL via a malicious email. Although all applicable software updates had been applied and email scanning and anti-virus solutions were in place, the ransomware was still able to run and encrypt files, preventing access to the information held within them.
ENU staff are requested to remain vigilant, especially when dealing with emails containing links or attachments, or emails from unknown senders. If you are in any doubt as to the authenticity of an email message, please check with the sender via an alternative method, or seek advice from the IS Service Desk. Further guidance on Email Security is available here.
If you think you may have accidentally:
- Clicked on a web link in an email which resulted in unexpected or suspicious activity
- Opened an attachment in an email which resulted in unexpected or suspicious activity
- Are experiencing any other unexpected or suspicious activity on your PC e.g. pop-up messages
Please disconnect your PC from all wired and/or wireless networks and contact the IS Service Desk immediately.
To minimise the risk of disruption caused by a ransomware infection, please ensure that all University data is stored in an appropriate location such as the H: and S: drives or SharePoint, as these areas are backed up on a regular basis. Information Services will not be able to recover any data which is stored locally e.g. on your PC C: drive or an external USB drive, in the event that it is encrypted by ransomware.
Information Services contact details: