The cyberattack on the UAB will affect until the end of the year: the difficult management of a university without access to its computer system for months
On October 11, the Autonomous University of Barcelona (UAB) suffered a cyberattack whose consequences still last and are expected to last at least until mid-December. The attack affected the virtualization system that hosts a large part of the university’s corporate services, which in practice left the official website, the official emails, the Virtual Campus and the Internet inoperative. Students, professors and researchers were left without access to the university’s computer system, hampering much of your daily tasks.
Following established protocols, the university’s technical team isolated the affected machines. Several weeks have passed and work continues to gradually recover the systems, but the cyberattack has shown the difficulty of recovering the activity with the traditional method of paper and pen.
This is how the UAB is adapting to the lack of access to its IT system
Together with the Catalan Cybersecurity Agency and a specialized company, the UAB is working to recover the data, isolate it and analyze it. At the same time, they deny that a three million euro ransom has been requested. From the UAB they explain that no contact with cybercriminals has been initiated nor is there any evidence of data leakage.
Meanwhile, the solution to getting on with daily tasks has been bet on alternative technological solutions. Among them, some teachers for example have created Google Drive groups to share class material and documents.
🚨 Remember that you have a new website, provisional and with limited capacity, where you can consult the latest news and FAQs.
– Autonomous University of Barcelona (@UABBarcelona) October 15, 2021
During the first days, the university computers could not connect to any network, corporate or personal. A week later he proceeded to rewire the computers that passed a security inspection and an open Wi-Fi network was created (UAB-provisional) which could be accessed, although without the personal credentials of each user.
From the UAB ICT team, which has been informing users via Twitter o Telegram, it is explained that once the inspection is finished, the reinstall Windows 10 on all computers, recommending that if you have documents saved on your hard drive, they be saved in the cloud or external USB.
In the case of the computer rooms, they are providing service, but without connection to any network. For teachers it is allowed to use laptops in class, but without connection, as described in a FAQ created by the ICT team.
On November 2, it is expected that it will be possible to work again with the Microsoft environment (One Drive, Outlook, Teams), with whom it is collaborating. As an alternative to the Virtual Campus, Teams will be used as a corporate tool.
The Rector of the UAB has issued a resolution in which suspends the deadlines to process the different administrative procedures for a period of 2 months from the cyberattack. A margin so that those processes that had to be done at this time and required access to the web can be carried out later.
In parallel, from the university libraries they report that all books have been automatically renewed, except those with reservations.
The attack on the UAB is another example of the importance of cybersecurity in institutions and organizations. An area that the European Commission wants to reinforce with regulations such as the future Cyber-resilience Law, one under which it must try to ensure that computer systems have the “ability to anticipate, resist and recover from these cyber attacks.”
Image | Wikimedia