Digital teaching continues The RUB’s IT infrastructure is partially down

Update from 2.55 p.m., 18.5.2020

FAQ: First services are working again. ++ News about online teaching. ++ Open letter from the Rector on the current crisis.

Update from 6.26 a.m., 14.5.2020

Due to the cyber attack on Ruhr-Universität Bochum, all users with a RUB login ID must set a new password immediately. This also applies to so-called combined services that are used to run functional email addresses. Changing the password is a security measure. Instructions and detailed information for students and members of the teaching and administration staff are available on the IT-Services homepage (German).

Update from 10.15 a.m., 11.5.2020

Just like with the coronavirus crisis, we are now collating questions and answers about the effects of the hacker attack on students, teachers and employees. Click here for the new FAQ page.

Update from 5.55 p.m., 8.5.2020

Even though all digital teaching systems are fully operational, problems may still occur in communication between lecturers and students via RUB mail. Our IT team is currently working on a solution.

Update from 5.54 p.m., 8.5.2020

Note from the Chancellor regarding communication at RUB: Due to the cyber attack, we have decided to shut down all central administration systems. As a result, the administration at Ruhr-Universität operates at a fraction of its capacity, even emails can’t be sent and received. However, all employees can be reached by phone under the usual numbers during the usual office hours.

Update from 5.49 p.m., 8.5.2020

RUB has published a second press release with new information on the attack with the following content:

The computer attack with an encryption software has mainly affected the university administration. The search for the attackers and any damage continues.

Experts from RUB and the Bochum-based IT company G-Data jointly investigate the damage caused by the external computer attacks with encryption software on RUB from 7 May 2020. One thing is certain: the learning platform Moodle, which is necessary for digital teaching in the summer semester 2020, is not affected, nor are any other instruments such as Sciebo, Zoom or RUB-Cast.

These systems run on RUB servers that are not affected by the attack or on external servers. So the good news is: digital teaching at RUB can continue as planned.

According to current knowledge, central servers are particularly affected by the hacker attack, which are needed in the RUB administration for e.g. the Windows systems Exchange and Sharepoint. This is why email traffic with the RUB administration is currently disrupted. Wherever possible, employees use other services.

All potentially affected servers have been shut down and are currently closely analysed. The decision whether and when the servers are restarted, i.e. when the RUB administration goes back to normal, will be made based on the analysis results. Due to the restrictions imposed by the coronavirus pandemic, most employees are working from home anyway. Alongside the analysis, a search for possible perpetrators is also being carried out. As the investigation is ongoing, current findings cannot be published at this point.

Update from 8.5.2020

The following channels also provide up-to-date information (mostly in German): IT-Services, Facebook und Twitter.

Update from 4.31 p.m., 7.5.2020

RUB now also reports about the current status in a press release. It answers the following questions:

What happened?

In the night of 6 to 7 May 2020, a computer attack forced a large part of the central IT infrastructure at Ruhr-Universität Bochum (RUB) to be shut down. The attack is currently being analysed to find out what happened exactly. As an immediate measure, all central servers and backup systems that might be affected were shut down.

Who is affected?

All PC applications used by the university administration are currently out of service, email via the Exchange system doesn't work.

What is still working?

The services RUB-Mail, Moodle, Rub-Cast, Zoom, Matrix (Riot) are still available. Digital teaching via these systems is therefore currently possible.

What do you have to do?

All Windows-based applications in all RUB faculties and institutions should be limited to the most necessary communication processes. As always, no email attachments should be opened. All Office documents should be sent as PDF.

At present, IT Services and an external expert system are analysing the nature and extent of the damage and the further procedure. More information and recommendations for action are to follow.

Update from 1.08 p.m., 7.5.2020

The services RUB Mail, Moodle, RUBCast, Zoom, Matrix (Riot) are currently still up and running.

Update from 10.35 a.m., 7.5.2020

We have now established that an external computer attack on the RUB’s central IT infrastructure has taken place. As a result, a large part of the IT infrastructure had to be taken down. As the overall situation is still unclear, IT Services recommends shutting down all connected Windows-based server systems in the faculties as well.

Should the RUB homepage be down, too, we will keep you updated on this page: https://notfall.ruhr-uni-bochum.de/.

Original report

Due to considerable technical problems in the IT infrastructure, a large number of systems have been unavailable since around 8 a.m. today, Thursday, 7 May 2020. As a result, RUB members have no access to services such as the email program Outlook and the VPN tunnel that are necessary to access folders when working from home. The internal service portal cannot be accessed either. The IT Services department is troubleshooting. We are also investigating whether a hacker attack took place. More information to follow.