Public Services > Education

UCL suffers ransomware attack

David Bicknell Published 16 June 2017

University says infection had impacted a number of users’ personal and shared drives; UCLH NHS trust said it was unaffected by attack


Just a month after being one of the high profile victims of a ransomware attack, the UK public sector has been hit again.

Last time, it was a string of NHS trusts. This time, it is a single university that has suffered.

University College London (UCL), the UK’s third largest university, admitted on an internal website that it had suffered an attack on Wednesday 14th June.

It said, “Yesterday we suffered a ransomware infection that has infected a number of users personal and shared drives. We took the decision to disable access to the UCL N and S drives and some other systems to reduce the likelihood of further infection.

“We apologise for the obvious impact this will have across the university but it is important that we act quickly to reduce the further spread of this malware. We believe that we have currently contained the risk of further infection but this is still under active investigation.”

In an update provided on Thursday evening, the university said, “We have continued to analyse the infection across the UCL filestore and the method of infection this is still ongoing.

“We have not seen any more users affected by the malware. We no longer think the infection came from an infected email but from users accessing a compromised website. Please be vigilant if you notice an unexpected popup or other unusual behaviour when you access a website close the browser and report it to Service Desk.

“We hope to be able to make some changes tomorrow but we will inform all users tomorrow morning before making any changes.”

The ISD team also issued a series of frequently asked questions covering the availability of the university’s N and S drives and what to do if a user believes a machine has been compromised.

The update could not say what the name of the ransomware was. It explained, “Our antivirus software is up to date and we are working with anti-virus suppliers to pass on details of the infection so that they are aware of the incident. We cannot currently confirm the ransomware that was deployed.”

University College London Hospitals (UCLH) NHS Foundation Trust was not impacted, it said. It issued a statement saying, "UCLH is not currently affected by the ransomware attack on UCL which occurred on Wednesday. On learning of the incident, we took a number of pre-emptive steps to ensure our systems were as protected as possible."

Related articles:

NHS faces searching questions over its information and IT governance

NHS faces mass IT systems failure following ransomware attack






We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.