According to BleepingComputer, the National College of Ireland (NCI) and the Technological University of Dublin have announced that ransomware attacks hit their IT systems.

NCI is currently working on restoring IT services after being hit by a ransomware attack over the weekend that forced the college to take IT systems offline.

“NCI is currently experiencing a significant disruption to IT services that has impacted a number of college systems, including Moodle, the Library service and the current students’ MyDetails service,” the college announced on Saturday.

In a subsequent update following the April 3rd ransomware attack, faculty and staff were notified that IT staff and external service providers are working on restoring the services.

Access to NCI’s IT systems was suspended and the campus building is also currently closed to both students and staff until IT services are restored.

NCI has also alerted the relevant authorities of the incident, including the Data Protection Commissioner and Gardaí (the national police service of the Republic of Ireland.)

“Please note that all classes, assessments and induction sessions planned from today Tuesday 6th until this Thursday 8th April inclusive have been postponed and will be rescheduled for a later date,” NCI added in a statement issued today.

“The college will issue a further update on Thursday afternoon in relation to classes and other events for Friday and beyond.”

Students with assignments due this week were told that “no late penalties will be applied while the outage remains in place.”

The Tallaght campus of the Technological University Dublin (TU Dublin) was hit by the ransomware attack on Thursday morning and has impacted both IT systems and campus back-ups.

“Disruption to some ICT systems on Tallaght campus but secure remote access to key services is available,” TU Dublin says in a notice on the university’s website. “ICT Helpdesk cannot respond to requests while issues are investigated. Updates will be sent via email.”

According to an email sent to students and obtained by DataBreaches, “this attack does not include any ICT systems or processes on the City and Blanchardstown campuses.”

Students were also told not to use any of the campus IT systems until Monday, April 12, and to avoid reaching out to IT staff who is currently working on restoring impacted IT systems.

“At this early stage in the investigation, there is no indication that any data, including personal data, has been ex-filtrated, downloaded, copied or edited because of this attack,” a TU Dublin spokesperson told BleepingComputer.

“The University continues to work as a matter of urgency to restore safe access for students and staff to all our onsite ICT systems as soon as possible.”

Educational institutions and universities are being heavily targeted by different threat groups. Clop ransomware leaked data from at least a half dozen premier universities in the US last week while the FBI warned of increased Pysa ransomware activity in education last month.

Clop has been actively exploiting the Accellion File Transfer Appliance (FTA) to enter environments, exfiltrate data, and leak it on their dark web sites.

Pysa, however, compromises Remote Desktop Protocols (RDP) credentials through phishing emails. Pysa operators will then use open source tools like PowerShell and execute commands to make their way around antivirus security protocols prior to deploying their ransomware.

In order to stop these persistent threats, find a dedicated security team like SpearTip. We understand how important it is for educational institutions to remain operational for the sake of their students, so we feel it’s our duty to protect environments with a continuously investigative approach. Our team also stays up to date with the latest attack trends and ransomware groups to improve threat intelligence for a better and quicker response in our partner’s networks.

SpearTip’s cyber experts continuously monitor environments 24/7 in our US based Security Operations Center. Our certified engineers work in unison with our proprietary endpoint detection and response tool, ShadowSpear®. This allows your organization to have a direct communication with our engineers at any moment and a completely transparent view of your risk profile.

If you think your organization has been breached, call our Security Operations Center at 833.997.7327.