The University of Duisburg-Essen (UDE) was hit hard by a successful ransomware attack from the Vice Society cyber criminal group. The attack, which occurred in November 2022, has forced the university to completely rebuild its IT infrastructure, a process that is still ongoing.
The University, which was formed in 2003, is the result of the merger of two preceding universities: the Gerhard Mercator University of Duisburg and the University of Essen. It is considered the top German university in the field of physics.
UDE confirmed that they are aware that the threat actors published the stolen data and stated that they will not be paying a ransom. They also said that the cyber attack has impacted 1,200 servers and compromised the central authorization system, so restoring all of these would be impractical.
The attack on UDE, which has 43,000 students, 4,000 academic staff, and 1,500 administrative staff, highlights the ongoing threat of ransomware attacks and the importance of having a well-trained user-base that knows how to spot malicious cyber attacks before they cause damage.
In a 2019 interview, the CISO of UDE, Marius Mertens, discussed the successful mitigation of a ransomware attack. He highlighted the importance of the university’s supercomputer, which ranked among the top 500 in Europe, and explained that disruption to its operations would result in significant financial losses.
“A downtime would entail huge costs when converted to the price tag of the lost CPU hours. For example, losing CPU hours for one week would cost us €75,000.”
Marius Mertens, CISO – University of Duisburg-Essen (UDE)
This training matters because a large majority of attacks like these begin with a successful spear phishing attack. It is therefore vital that your users can spot these attacks before they harm your organisation. This can be achieved by providing regular cybersecurity training and simulated phishing exercises to all employees.
Phishing Tackle offers a free 14-day trial to help train your users to avoid these types of attacks and test their knowledge with simulated attacks using various attack vectors. By focusing on training your users to spot these types of attacks, rather than relying solely on technology (none of which can spot 100% of phishing emails), you can ensure that your organisation is better prepared to defend against cyber threats and minimise the impact of any successful attacks.