University of Buenos Aires partially recovers after ransomware attack
The University of Buenos Aires (UBA) faced a significant cybersecurity challenge when a ransomware attack disrupted its systems. The attack specifically targeted the Guaraní system used by students and faculty for academic management, as well as the Pilagá payment system, causing widespread concern.
Last Thursday, the attack compromised the university's servers, hindering various academic operations such as grade management and enrollment in summer classes. In response, university authorities issued a warning about the limited online functionality of systems like Guaraní.
The identity of the cybercriminal group behind this attack and their ransom demand remain unknown. However, Argentina has recently seen prominent cybercriminal groups like Rhysida and Medusa in action.
No details are available on whether data was exfiltrated and whether it will impact individuals.
UBA officials confirmed that the cyber intrusion was detected in their data center, leading to the isolation of affected computers to gauge the extent of the damage. The attack primarily impacted servers within the university's Windows environment. Within a week, the university managed to partially restore its systems and create manual workarounds for certain issues, a process that typically takes much longer.
By Friday, the situation began to improve for faculty members. Access to the Guaraní system was restored, and staff received their bonuses. The university communicated to the teachers that the functionality of the SIU Guaraní system had been reinstated and that they should update any outstanding grades as soon as possible.
The UBA XXI distance education system, heavily reliant on online platforms, continued to operate effectively during this period. Meanwhile, DOSUBA, the university's social assistance program, ensured manual payment to its providers to maintain uninterrupted services. The university anticipates further system improvements by the following Tuesday or Wednesday, with alternative solutions in place to ensure continued service delivery.
The exact method used by cybercriminals to distribute the ransomware remains unclear, but there are indications that a Fortinet system, commonly used for system protection, was compromised. Fortinet has been actively involved in the system restoration efforts with UBA.