Ransomware in La Sapienza paralyzes services of one of Europe's largest universities

The University of La Sapienza in Rome is in a digital crisis that has paralyzed much of its services and left students and administrative staff without access to its platforms. The institution itself reported this week through its social channels that its computer infrastructure was the target of a cyber attack and that, as a preventive measure to protect data integrity, the networks were immediately shut down.

This is a serious blow, given that La Sapienza is one of the largest universities in Europe by number of students present on campus, with more than 112,500 enrolled. In addition to the temporary shutdown of systems, the institutional website remains inaccessible and the university has set up interim information points to handle urgent needs that were previously managed with digital tools. Official communications and updates are available on the university's public accounts, for example on its Instagram profile and in a further recent post.

Although La Sapienza has not given details about the technique used or who is behind it, reports in the Italian press point to a ransomware attack. The newspaper Corriere della Sera cites accounts according to which the alleged responsible group is a pro-Russian actor named Femwar02 and the intrusion involved file encryption. The same outlet links the malware indicators to a family known as Bablock / Rorschach, a type of ransomware that appeared in 2023 and is characterized by its encryption speed and its wide customization options.

Security specialists have analysed recent variants that mix elements of previously leaked projects, such as Babuk, LockBit and DarkSide. Check Point, for example, maintains research and analysis on emerging families and on how techniques are recycled from previous campaigns, information that, according to industry reports, helps explain why some attacks are so effective. In the case of La Sapienza, sources cited by the press indicate that there may be a ransom demand, but the university's technicians reportedly decided not to open the package containing the demand, to avoid triggering a 72-hour countdown that, according to reports, some groups use to pressure the target.

Crisis management includes the intervention of specialized authorities and teams: the university has notified the competent bodies and has formed a technical response team. According to press reports, internal technicians are working in coordination with the Italian CSIRT and the Agenzia per la Cybersicurezza Nazionale (ACN), with the collaboration of the Polizia Postale, to restore systems from backups that, according to the available statements, were not compromised.

One aspect that concerns experts is the form of extortion that follows this type of intrusion. Although the Rorschach family does not usually run a data publication "portal" on the darknet, exfiltrated files can end up in the hands of groups that specialize in selling or disseminating stolen information, with the resulting risk of public leaks. This threat means the university community should take precautions: be wary of unexpected messages and posts, do not click links or open suspicious attachments, and watch for unusual activity in institutional and personal accounts.

For students and employees of La Sapienza, in addition to following official instructions, it is recommended to strengthen passwords on services that do not depend on the corporate domain, enable two-factor authentication where available, and report any activity that seems strange to the support service. The Italian authorities and the university itself will be the authoritative sources for when services will be restored and what the specific implications for data confidentiality are.

This episode again highlights a well-known reality in the education sector: universities handle huge volumes of sensitive information and at the same time expose wide attack surfaces through the combination of open networks, international collaborations and high user turnover. Prevention, network segmentation, backup management and continued cybersecurity training are confirmed as essential pillars for reducing the impact of incidents such as the one now affecting La Sapienza.

Those who want to go deeper can read the specialized press coverage and the reporting in national media: in addition to the university's official Instagram profile mentioned above, there are news reports in Corriere della Sera and technical coverage in specialized media such as BleepingComputer. It is also useful to consult the institutional pages of the ACN and the Polizia di Stato for official recommendations on how to respond to cybersecurity incidents.

The investigation continues and, as restoration advances, the priority declared by the university and the bodies involved is to recover services safely and ensure that backups are reliable. For the university community and the general public, this case is another wake-up call: cybersecurity is an operational and strategic issue that requires resources, coordination and a culture of prevention.
