Aristotle University of Thessaloniki

On May 12, 2017, Aristotle University of Thessaloniki was impacted by a ransomware attack that affected a limited number of its personal computers. The compromised systems were described as outdated and had not received recent Windows updates, creating a vulnerability. The malicious software encrypted local files stored on connected USB devices and also deleted the contents of administrative folders. University IT administrators promptly implemented containment measures to halt the spread of the malware and investigate the security breach. Users were formally advised to back up their data, ensure their antivirus software was current, and disconnect any external storage devices. The attackers demanded payment in bitcoin to provide decryption keys for the locked files. This incident exploited a specific vulnerability in the Windows operating system for which a security patch had been released by the manufacturer several months prior to the attack.

This cyber incident was a localized manifestation of a widespread global campaign that simultaneously targeted government agencies, major corporations such as Telefonica and Renault, and numerous educational institutions across multiple countries. Aristotle University of Thessaloniki, as a prominent higher education institution in Greece, was among the academic entities affected by this coordinated ransomware effort. The event underscored the universal risk posed by unpatched software vulnerabilities within organizational IT infrastructures, regardless of sector. The university's experience provided a specific case study of how such large-scale, exploit-based attacks can disrupt academic operations and compromise data stored on local and portable media. The response followed standard incident management protocols for such breaches, focusing on isolation, user communication, and technical investigation to restore systems and prevent recurrence.