Attack on RU mail servers

22.10.2021

The mail servers for RU employee emails have been under attack recently. Students' emails are stored in the cloud and have therefore not been affected. There are no indications that other information systems at the University have been affected by the attack, and no data loss or leakage has been confirmed. Emails were encrypted on one of two servers, but copies were available on another server.

The attack has been reported to the police, the Data Protection Authority and the Computer Emergency Response Team CERT-IS. Detailed announcements have also been sent to staff and students, and press releases to Icelandic media, describing the sequence of events.

Analytical work with experts from Syndis and Advania has revealed that in August and again this October, hackers installed malicious software on RU's mail servers. It is not known whether the same party was involved in both cases. All RU servers and systems have been searched for traces of malware, but no such traces have been found except on these two mail servers. Based on the information currently available, it is possible that the hackers have had access and opportunity to copy staff emails, in part or in full. However, it is still impossible to say whether this has really occurred. If employees' emails were leaked, it could affect RU students who have communicated with teachers and other RU employees via email. If the University becomes aware of any such data leak, all involved will be notified immediately.

A letter was left on the encrypted mail server, demanding that RU pay a ransom; otherwise the employees' e-mails would be made public. The University intends to follow the instructions of the police and will neither pay the ransom nor make any attempt to communicate with the hackers.

University management is reasonably optimistic, hoping for the best but preparing for the worst with the University’s consultants. IT specialists will continue to work with Syndis and Advania on research into RU's servers next week and beyond. Work will also continue with these parties to revise procedures, in order to learn and to ensure an even more secure information environment at RU.