The University of Hertfordshire experienced a cyber attack on 14 April at around 10pm and all of the University’s systems, including Microsoft Teams and Zoom, were affected.
Students were informed that online classes would be suspended, and were only expected to resume on 19 April. However, in-person teaching would continue as per normal.
The update from the University also states that students with deadlines falling on or after 9pm on 14 April would be given new submission dates to ensure that students would not be disadvantaged by the attack.
“The sheer size of the student and faculty at a university – in Hertfordshire’s case nearly 28,000 people – makes it incredibly difficult to secure and manage the IT estate.”
– Director of Alsid, Jérôme Robert
In addition to collaboration services such as Microsoft Teams and Zoom, the list of services unavailable after the attack included university login services, student records, student mobile and study services, Microsoft Office 365 access, network and Wi-Fi access, off-campus VPNs, data storage, staff email, and critical business systems.
The UK’s National Cyber Security Centre (NCSC) has been warning that academic institutions have been increasingly targeted for cyber-attacks. The reason being that they often lack the resources to secure data adequately, while also containing large amounts of personal information. Universities are also likely to face public pressure to pay the ransom.
Jérôme Robert, director of Alsid, a Cybersecurity vendor, said that universities are becoming increasingly aware of their status as prime targets for cyber-attacks. He said: “The sheer size of the student and faculty at a university – in Hertfordshire’s case nearly 28,000 people – makes it incredibly difficult to secure and manage the IT estate”.
As of 19 April, the status website shows that Student Records, Learning Resource, Data Storage, and University Business systems are still down.
Aside from the University of Hertfordshire, Newcastle University and Northumbria University also faced a ransomware attack in late August 2020.
The NCSC recommends academic institutions to pursue a ‘defence in depth’ strategy to mitigate their susceptibility to cyber-attacks. This includes taking steps to disrupt ransomware attacks and adopting practices to enable effective recovery, such as having offline backups.