Cyber Incident Victim: Reykjavik University
Date:
Feb 2024
Location:
Iceland
Summary
A ransomware attack targeted Reykjavik University, encrypting portions of its systems and prompting a ransom demand. Critical institutional data remains accessible, though partial data theft cannot be entirely ruled out, with investigations ongoing. All systems were temporarily shut down as a precaution, and cybersecurity experts initiated a full rebuild of compromised infrastructure. Student emails hosted externally were disabled preventively but will be restored after mandatory password resets and two-factor authentication implementation. Academic operations resumed with modified formats, while exams and graduation ceremonies proceeded as scheduled. Affected individuals were instructed to reset credentials via SMS or in-person service desks to regain system access.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2024, Reykjavik University publicly disclosed a ransomware attack targeting its systems. Attackers encrypted a portion of the university's data and issued a ransom demand, prompting an immediate shutdown of all systems as a precautionary containment measure. Cybersecurity experts from Syndis advised rebuilding all computer systems from scratch, a process initiated to eliminate potential attacker persistence. Initial forensic analysis found no conclusive evidence of significant data exfiltration, though investigators could not definitively rule out partial theft of sensitive information. The university prioritized restoring core academic functions, announcing that teaching would proceed as scheduled starting February 5 despite some modifications to delivery formats. Critical university data remained accessible through backups, though encrypted datasets required further analysis to determine potential losses.
Recovery operations focused on credential security and system hardening. Between February 5-6, the university implemented mandatory password resets for all students, distributing new credentials via SMS to Icelandic residents with registered phone numbers. Students without registered numbers or international students needed in-person verification at service desks in room V102, requiring valid identification and Microsoft Authenticator app installation for two-factor authentication. Network internet access was restored with temporary credentials ("RU Students"/"menntavegur.1"), while Microsoft-hosted student email required password resets before reactivation. Departmental service desks operated reduced hours (8:30-17:00) starting February 5 to address academic concerns including exam schedules, assignment submissions, and thesis deadlines. The university maintained its February 10 graduation ceremony schedule while continuing system reconstruction and forensic analysis to assess data integrity risks.