Ransomware attack on Université Paris-Saclay impacted servers and digital services

Leading French university Université Paris-Saclay suffered a significant data security incident that had a major impact on its digital services and internal servers.  

 

Located in the south of Paris, Université Paris-Saclay runs a network of five faculties, three university technical institutes, five schools, two associate member universities and seven national research organisations. The university has about 50,000 students, over 8,000 researchers and academic staff and a network of 220 laboratories.

 

In a data security incident notice posted on its website on 10th October, the leading French educational institution said that on August 11, it was a victim of a significant cyber attack that affected its entire internal network.

 

“A number of services such as the intranet and certain business applications were unavailable. Since that date, the teams of the Information Systems Department (DSI), supported in particular by the National Agency for the Security of Information Systems (ANSSI), have been working to gradually restore these services,” reads the notice.

 

On August 20, University officials reported the incident to the Departmental Gendarmerie of Palaiseau, a territorial police branch of the French National Gendarmerie and requested the French National Agency for the Security of Information Systems (ANSSI) to investigate the data security incident and determine the nature and scope of the same.

 

“A crisis unit was activated immediately after the incident occurred. This unit includes the university’s president, Director General of Services, IT department and ANSSI. It decides the actions to be implemented, following ANSSI’s recommendations,” the University added.

 

As the official website was affected, Université Paris-Saclay set up a temporary site in order to ensure communication with staff and students.

 

The university announced on Wednesday that the ransomware group which targeted its network claims to have stolen 1 terabyte of data that includes 48 CVs, 47 transcripts, 47 recommendation letters, 6 diplomas, an identity card, 44 certificates and 44 applications for Master’s level courses.

 

“Each of the 44 people concerned will be personally contacted by the university to inform them of the personal data concerning them that has been disclosed,” Université Paris-Saclay said.

 

While the University did not say who was behind the cyber attack, it had clarified that a ransom won’t be paid to the cyber criminals. “In accordance with its principles and government directives, the university will not pay any ransom, the payment of which also offers no guarantee of restoration of IT services and encourages computer criminals to repeat their actions against public institutions,” it said.

 

“The institution’s priorities are to secure the university’s information systems to prevent any further attacks, and to gradually restore digital services. In particular, the restoration of a messaging system has been identified as a high priority,” it added.

 

Recently, the RansomHouse ransomware group

responsibility for the cyber attack on Université Paris-Saclay and listed it as a victim on its data leak site. The group claimed to be in possession of 1 terabyte of data stolen from the University and threatened to leak the same unless its ransom demands aren’t met.