Newcastle University infected with DoppelPaymer Ransomware

UK research university Newcastle University suffered a DoppelPaymer ransomware attack and took its systems offline in response to the attack.

UK research university Newcastle University was infected with the DoppelPaymer ransomware, in response to the incident it was forced to take systems offline on the morning of August 30th.

The Newcastle University did not provide info about the family of ransomware behind the attack, but the DoppelPaymer ransomware operators are claiming to be responsible. The gang already leaked 750Kb worth of stolen data on their data leak site ‘Dopple Leaks.’

IT staff at the university announced it will take several weeks to get the services back online after the attack.

The Newcastle University IT Service (NUIT) reported the incident to the UK Police and the National Crime Agency that is investigating the incident.

The Information Commissioner’s Office (ICO) and Office for Students were notified within 72 hours of the attack.

“On Sunday 30 August 2020, we became aware that the University had suffered a serious cyber incident which is causing operational disruption across our networks and IT systems,” reads the data breach notification.

“All University systems – with the exceptions of those listed in the communications (Office365 – including email and Teams, Canvas and Zoom) are either unavailable or available but with limitations. Access may cease at any point.”

At the time, the university hasn’t yet forced a password reset for its users, an action that could be adopted in the next hours as part of the incident response procedure conducted by the IT staff and external consultants.

Multiple services are still offline and other systems that are up and running could be taken offline if requested as part of the recovery and response procedure. The online payments portal is managed off-site by the university’s payment services provider and is not held on Newcastle University servers. 

Students and employees can still access to a limited set of IT services including Office365 (email, Office apps, Teams), Canvas, and Zoom.

Students and staff are recommended to copy their files to their OneDrive accounts.

“Where appropriate, we advise you to copy and save business-critical data and files to your OneDrive,” reads an update provided by the university. “New files can also be created and saved on your OneDrive. Please only transfer essential files and do not copy or send files to your personal accounts.”

DoppelPaymer ransomware has been active since June 2019, in November Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Newcastle University)

[adrotate banner=”5″]

[adrotate banner=”13″]