Cyber Incident Victim: Justus Liebig University
Date: Dec 2019
Location: Germany
Summary
Justus Liebig University experienced a severe malware infection that compelled a complete shutdown of its IT infrastructure, requiring isolation of all systems and two rounds of antivirus scans using USB drives to ensure eradication. The incident also prompted a precautionary reset of all email account passwords, but legal restrictions under German regulations necessitated in-person distribution of new credentials after identity verification, resulting in extensive queues as over 38,000 students and staff physically lined up to retrieve their passwords.
Description
In December 2019, Justus Liebig University (JLU) in Gießen, Germany, experienced a severe malware infection that disrupted its entire IT infrastructure. The university detected the infection on December 8, prompting immediate isolation of all networked systems. IT staff disconnected the entire server infrastructure and individual computers to contain the threat. Over the following days, technicians manually scanned every university computer using antivirus software loaded onto more than 1,200 USB flash drives. They conducted an initial system-wide sweep, followed by a second comprehensive scan after receiving updated antivirus definitions specifically targeting the unidentified malware strain. Computers cleared during both scans received green stickers authorizing their safe reconnection to the network. The week-long outage affected all academic and administrative operations, with the university maintaining network isolation for nine consecutive days during remediation efforts.

The malware incident also compromised JLU's email systems, necessitating password resets for all 38,000 student and staff accounts. German legal requirements imposed by the National Research and Education Network (DFN) prohibited transmitting new credentials electronically to personal email addresses. This regulation forced the university to implement an in-person password distribution system requiring valid ID verification. Students and faculty queued at campus locations throughout the week of December 17 to collect handwritten passwords on physical documents. The combination of mandatory manual malware removal and DFN compliance requirements created significant operational disruptions, with IT teams simultaneously managing device disinfection while verifying identities for credential distribution. The password reset process attracted international attention due to the unusual sight of thousands lining up across campus during the final examination period.
