Cyber Incident Victim: Universidad de Castilla-La Mancha
Date: Apr 2021
Location: Spain
Summary
The University of Castilla-La Mancha experienced a ransomware attack targeting its technological infrastructure, prompting the institution to report the incident to Spain's National Cryptological Center Computer Emergency Response Team. Public notifications via social media clarified that individual university community devices were unaffected, while the institution's IT teams prioritized restoring digital services critical to teaching operations. Despite recovery efforts, the university's main website remained inaccessible following the attack. No details regarding the specific ransomware variant or potential ransom demands were disclosed by authorities or the university.
Description
On April 19, 2021, the University of Castilla-La Mancha (UCLM) experienced a ransomware attack targeting its technological infrastructure. The university promptly reported the incident to Spain’s National Cryptological Center Computer Emergency Response Team (CCN-CERT), the national authority responsible for cybersecurity in public administrations and strategic entities. UCLM publicly acknowledged the attack through official communications on its Facebook and Twitter accounts, as well as via the news agency EFE. In a tweet dated April 20, 2021, the university clarified that the attack specifically impacted its core technological systems rather than the individual devices of students, faculty, or staff. This distinction aimed to reassure the university community that personal data on endpoint devices might not have been directly compromised, though the institution did not explicitly confirm this.

The university’s IT department, UCLMtic, immediately initiated recovery efforts with a stated priority on restoring digital services critical to teaching activities. Despite these efforts, the university’s main website remained inaccessible as of the morning following the attack announcement. No technical details regarding the ransomware variant, attack vector, or data exfiltration were disclosed publicly. Similarly, UCLM did not reveal whether the attackers demanded a ransom or if any negotiations occurred. The incident disrupted digital operations across the institution, though the full scope of affected systems beyond the website outage was not detailed in available communications. Recovery timelines and the operational status of non-teaching-related systems (such as research databases or administrative platforms) were also unspecified in the immediate aftermath.
