Major Ransomware Attack Forces La Sapienza University Offline, Affecting 120,000 Students

The IT infrastructure of La Sapienza University in Rome, one of Europe's largest academic institutions serving approximately 120,000 students, has been offline for three consecutive days following a suspected ransomware incident.

In an official statement published on Instagram Tuesday, the university administration confirmed that network systems were proactively taken offline as a security precaution following the cyberattack. The institution is currently conducting a comprehensive forensic investigation while working to restore all digital services. According to the statement, several critical communication channels including email systems and workstations remain partially compromised.

University officials indicated that system restoration efforts are underway utilizing backup infrastructure, which reportedly remained unaffected by the security breach. As of this publication, the Sapienza website continues to be inaccessible.

According to reporting by Italian news outlet Il Corriere della Sera, the disruption stems from a ransomware attack, though neither the university nor national authorities have officially confirmed this classification. The threat actors allegedly transmitted a ransom demand link to university administrators, featuring a 72-hour countdown timer that activates upon access.

The incident is being investigated by Italy's Agenzia per la Cybersicurezza Nazionale (ACN), the national cybersecurity agency. At the time of reporting, ACN representatives had not provided additional details regarding the attack vector or ransomware variant involved.

Subsequent reporting identified the threat actor group as "Femwar02", a previously unknown cybercriminal organization. The attack reportedly deployed the BabLock ransomware (also identified as Rorschach), a sophisticated malware strain first documented in 2023.

Despite the significant infrastructure disruption, La Sapienza confirmed that examinations are proceeding on schedule. However, students requiring exam registration must coordinate directly with faculty members. The university has established physical information points across multiple campus locations to assist affected students.

This incident underscores the persistent threat landscape facing educational institutions. Academic organizations remain high-value targets for cybercriminal operations due to their extensive data repositories and often limited cybersecurity resources. Similar attacks have targeted prominent institutions including Harvard University and the University of Pennsylvania, where threat actors successfully exfiltrated sensitive data for extortion purposes.

Sources:

La Sapienza Official Statement

Group-IB BabLock Analysis

Check Point Rorschach Research