Cyber Incident Victim: Bergische Universität Wuppertal
Date: Jul 2022
Location: Germany
Summary
Bergische Universität Wuppertal experienced a cyberattack that disrupted substantial portions of its IT infrastructure, rendering numerous systems—including internal communication channels—inaccessible or severely limited. Critical services such as BUW-Mail, Moodle, ZOOM, and Rocket Chat remained operational despite the incident. As a precautionary measure, the institution advised shutting down all networked Windows-based server systems across faculties and directed stakeholders to monitor official web and social media platforms for updates.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 4 motives | 6 techniques |

| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 23, 2022, Bergische Universität Wuppertal publicly disclosed a significant cyberattack disrupting its operations. The university’s IT infrastructure sustained extensive damage, with "erhebliche Teile" (substantial parts) compromised, forcing the shutdown or severe limitation of numerous critical systems. Core administrative and academic services became inaccessible, including internal communication channels essential for coordinating university activities. Available services during the initial phase were restricted to BUW-Mail, Moodle, ZOOM, and Rocket Chat, enabling limited academic continuity. The university’s incident response team, involving the Zentrum für Informations- und Medienverarbeitung (ZIM) and executive leadership, immediately prioritized containment, advising all faculties to power down Windows-based server systems as a precautionary measure. This recommendation reflected concerns about potential lateral movement within the network, though the attackers’ specific methods or objectives were not disclosed.

By July 25, 2022, partial recovery efforts allowed the restoration of enrollment services via StudiLöwe and library systems, though broader IT disruptions persisted. The university directed stakeholders to monitor official websites and social media platforms (Facebook, Instagram, Twitter) for updates, acknowledging ongoing communication limitations. No data theft or ransomware claims were mentioned in the advisory. Operational impacts included administrative delays and reliance on decentralized communication, with employees and students instructed to consult direct supervisors for urgent inquiries. The university leadership (Hochschulleitung) emphasized transparency regarding the attack’s severity while avoiding technical specifics about the intrusion vector or attribution. Recovery timelines remained undefined as of the last update, with work continuing to restore full functionality across affected systems.
