Ransomware gang claims they are behind the Newcastle University attack

Newcastle University has been hit by DoppelPaymer ransomware attack

Newcastle University has been hit by a ransomware attack.

The DoppelPaymer ransomware operators claim to be responsible for the attack that hit Newcastle University on August 30th. Following the attack, the university's systems went offline. Newcastle University estimates that it will take several weeks to bring its IT services back online.

It is not yet clear whether any sensitive information has been compromised. The university stated[1] that the DoppelPaymer ransomware attack is now being investigated by UK police and the National Crime Agency, in cooperation with the Newcastle University IT Service (NUIT). Newcastle University explained:

All University systems – with the exceptions of those listed in the communications (Office365 – including email and Teams, Canvas and Zoom) are either unavailable or available but with limitations. Access may cease at any point.

Newcastle University[2] is a UK public research university in Newcastle upon Tyne (North East England). This university also has campuses in Malaysia and Singapore. Newcastle University is divided into 3 faculties, 24 academic schools, and 40 research institutes and has more than 27,000 students.

It may take several weeks to eliminate the problem

The university says that, on the recommendation of its internal support teams and third-party consultants, it may reset account passwords, but no decision has been made yet. Many IT services are currently offline and will remain down. Because of the recovery efforts, services that are still operating could be taken down without advance notice.

Moreover, the university warned that, as a result of the incident, colleagues may temporarily lose access to their IT accounts without notice, and that NUIT may need to remove impacted servers, PCs, or other devices for investigation.

Newcastle University also published an update on the incident,[3] saying:

The investigation into the incident is still at an early stage. IT colleagues continue to work hard on the systems recovery plan, and to support the police and the National Crime Agency with their enquiries. However, we will not be able to share further detail on the incident until this initial investigation has concluded.

The ICO and Office for Students were notified within 72 hours of the cyber incident being detected.

According to the university, employees and students will have access to a limited set of IT services: Office365, SAP core services via the client, and Zoom. Staff and students were advised to copy files from the university's shared drive to their OneDrive accounts.

The DoppelPaymer ransomware claims to be responsible for this attack

The DoppelPaymer ransomware operators state that they are responsible for this attack. It is the same cybercrime group that previously leaked SpaceX and Tesla documents.[4] Mexico's state-owned oil company, Pemex, also suffered a DoppelPaymer ransomware attack last year.[5]

DoppelPaymer[6] is ransomware that targets high-profile company networks. Once inside, its operators survey the local infrastructure, harvest any sensitive information that could be of value, encrypt servers, and then threaten to publish the stolen data online if the victim refuses to pay the ransom.

Incidents such as the Newcastle University attack show that DoppelPaymer is a serious threat, but there are steps you can take to remove it and prevent data loss.

About the author

Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
