Cyber Incident Victim: University of Rome Tor Vergata
Date: Sep 2020
Location: Italy
Summary
Attackers entered the University of Tor Vergata's network through a compromised server and encrypted critical files, including COVID-19 research on therapies, biomarkers, and molecular studies, alongside distance learning platforms and sensitive academic data across multiple disciplines. The incident paralyzed over 100 computers and disrupted operations, though immediate containment measures, including system restoration from backups, prevented permanent data loss. Cybersecurity consultants and law enforcement collaborated to investigate the intrusion's origin, analyzing logs, IP addresses, and attacker tactics, while noting no ransom demand had been issued initially. The attack aligned with a broader pattern of heightened cyber threats against research institutions during the pandemic, with motives ranging from extortion to potential espionage.
Description
On the evening of September 4, 2020, attackers infiltrated the network of Italy’s University of Tor Vergata through a compromised server. The intrusion rapidly escalated as the attackers encrypted critical files across the university’s systems, targeting research data, administrative documents, and sensitive information stored on cloud platforms and local hard drives. Over 100 staff computers were compromised, rendering their contents inaccessible. Among the most severely impacted materials were COVID-19 research files, including studies on therapeutic molecules to block viral entry into human cells and AI-driven voice biomarker projects for diagnostic purposes. The attack also disrupted non-COVID research, ranging from rehabilitation techniques for paralyzed patients to investigations of exoplanet life forms. University operations faced paralysis as the encryption extended to distance learning platforms, which had been rapidly deployed during Italy’s lockdown to facilitate 71,000 remote exams and ongoing education. No ransom demand was communicated during the initial phase of the incident, and university officials could not immediately confirm whether data exfiltration had occurred alongside the encryption.

The university’s response team, led by Rector Orazio Schillaci, activated containment measures within hours to isolate affected systems and prevent further spread. Microsoft’s cybersecurity personnel collaborated with the university’s IT staff and an external consultant experienced with Telecom, Intesa Bank, and Italian government security protocols to restore operations. Backup systems were prioritized to recover encrypted data without paying ransoms, safeguarding research continuity and academic functions. Concurrently, investigators analyzed intrusion logs, extracted IP addresses, and examined attacker tactics to identify the breach’s origin, though attribution complexities prompted involvement from Italy’s Postal Police. The incident aligned with a broader pattern of cyberattacks against research institutions and hospitals during the pandemic, which U.S. and European authorities had warned included both financially motivated ransomware campaigns targeting COVID-related studies and state-sponsored espionage operations. At Tor Vergata, the immediate focus remained on restoring academic activities and securing compromised systems while forensic work continued.
