“We hope that our computer systems will be restored before the start of the spring school year on Monday.” At 3 p.m. Friday, the University of Neuchâtel (UniNE) was hard at work trying to regain control over its servers affected by a cyberattack, according to the institution’s communication manager. “The problem was identified Thursday evening between 10 p.m. and 11 p.m.”, he specifies, confirming information from the Neuchâtel daily ArcInfo.
Measures were immediately taken to stem what he said was ransomware. “At this time, we have not received a ransom demand. Our IT department blocked all possible connections, which rendered all of our internal systems inoperative. He is currently working with outside experts to restore a backup from before this event, prioritizing certain features, such as our website.” The latter was also accessible again on Friday at 4:20 p.m.
Work in progress also aims to collect information to find the origin of the attack. At the current stage, the UniNE only specifies that it is about “maliciousness coming from outside”. It also does not yet have any information about a possible data theft.
Schools already targeted in the past
If a ransomware attack is a priori a first for a Swiss university, several other institutions had already been targeted by hackers in recent years (the two EPFs as well as the universities of Geneva, Lausanne, Friborg and even Basel). In these different cases, hackers had managed to get their hands on personal identifiers to embezzle salary payments or make scientific articles from major journal publishers freely accessible, according to our colleagues from Heidi.news.
Last August, the Intercantonal Gymnasium of La Broye and the University of Lichtenstein saw their data encrypted. A backup restoration had allowed the first to avoid the payment of a ransom. The second had taken nearly two months to restore all of its services. More generally, soon not a week goes by without Swiss administrations, institutions or companies falling victim to cybercriminals.
In this context, did the UniNE consider itself a target and had it taken preventive measures? “An institution like ours is by definition networked and we are constantly subjected to attacks of this kind. Our IT department is very experienced and works daily to protect us. In this case, despite everything, someone managed to find a fault”, concedes the communication manager.
Occurring at the end of the holidays, this attack did not disrupt teaching. Classes will be able to resume on Monday even if the school’s systems are not restored. “We could even work remotely, because we use external applications to broadcast the lessons,” he concludes.