UCL suffers ransomware attack

Hospitals with links to UCL have suspended their email servers in response to the phishing scam


UCL has been hit by a serious ransomware attack which has brought down its shared drives and student management system.

As a result of the attack, a number of hospital trusts have also taken the precaution of suspending their email servers. This is so not to risk a repetition of last month’s major WannaCry epidemic, which temporarily paralysed NHS computer systems and hit an estimated 1-2 million computer systems worldwide.

UCL first declared the problem at 5pm on Wednesday afternoon. It is thought that a phishing email, sent at around midday, allowed the ransomware to gain access to UCL’s servers, which enabled it to spread through the university’s network (N) and shared (S) drives. Access to these drives was restricted by 7pm, and they are currently available in read-only mode for students and staff. UCL students are being regularly updated by email on the progress of the university’s attempts to deal with the attack.

One of the emails the ISD Service Desk has sent UCL students

It is still unclear as to which specific strain of ransomware UCL’s systems were affected, but the university has warned that it may be a “zero-day” attack – one previously unheard of – since it was not detected by UCL’s antivirus software. The attack coincided with Microsoft’s release of an extremely rare security update for Windows XP and Windows Vista, which was accompanied by a warning of WannaCry-style attacks in the future utilising one of 16 different critical vulnerabilities.

An NHS trust closely associated with UCL, which goes by the name of University College London Hospitals, did not report any problems relating to ransomware, but some hospitals opted to suspend their NHS email systems anyway so as to prevent the possibility of a new ransomware outbreak.

The largest NHS trust in the UK, Barts Health NHS Trust, has close links with UCLH, and consequently it closed its mail server. A spokesperson in contact with The Guardian confirmed that the trust “temporarily shut emails down to make sure nothing spread.” In a similar statement, East and North Herts NHS trust said it shut down its NHS mail server as a “preventative measure, because we’ve been warned by other hospitals to do so.”