One of Europe’s largest universities knocked offline for days after cyberattack

The computer systems of Sapienza University of Rome, one of the largest universities in Europe with around 120,000 students, have been offline for three days after what appears to be a ransomware attack.

In a post and a series of Instagram stories published on Tuesday, the university said it proactively shut down its systems as a precaution following the cyber incident. The school said it is investigating what happened and working to restore all digital services, noting that some communication channels, including email and workstations, are currently “partially limited.”

The university also said it is restoring systems using backups that were not affected by the attack.

As of this writing, Sapienza’s official website remains unavailable.

Italian daily newspaper Il Corriere della Sera reported this week that a ransomware attack caused the disruption, though neither the university nor authorities has formally confirmed that assessment. According to the report, the attackers allegedly sent the university a link containing a ransom demand with a 72-hour countdown timer that would begin only once the link is opened.

Sapienza did not respond to a request for comment from TechCrunch, which was sent via email. It remains unclear whether the university can currently receive email communications.

Spokespeople for Italy’s national cybersecurity agency, Agenzia per la Cybersicurezza Nazionale (ACN), which is investigating the incident, also did not immediately respond to a request for comment seeking further details or confirmation that ransomware was involved.

In a follow-up article publishedon  Wednesday, Il Corriere reported that the hacking group responsible for the attack is allegedly called “Femwar02,” a previously unknown group. The attackers are said to have used BabLock malware, first identified in 2023 and also known as Rorschach, according to the report.

Sapienza said exams are continuing as scheduled, but students who need to register must do so directly with their professors. The university has also set up several on-campus “infopoints” to provide students with updates and assistance during the outage.

Universities and educational institutions, like many other organisations, are frequent targets of cybercriminals. Last year, the notorious hacking group ShinyHunters breached Harvard University and the University of Pennsylvania, stealing data without deploying malware to encrypt systems, in an attempt to extort the schools. The hackers disclosed earlier this week that neither university paid the ransom demands.