DoppelPaymer operators behind Newcastle University attack


Newcastle University, a UK research university, was affected by a serious cyber incident on August 30th that caused operational disruption across its networks and IT systems. The university said that it might take several weeks for its IT services to get back online.

The DoppelPaymer ransomware operators have claimed responsibility for the cyber-attack on the university.

The university stated that due to the nature of the attack, it might take several weeks to address the problem. Many of the IT services are currently offline and will remain down, and those that are operating could be taken down without notice during the recovery efforts.

The attack is being investigated by the UK Police and the National Crime Agency in cooperation with the Newcastle University IT Service (NUIT).

Newcastle University stated in its latest update that:

  • Colleagues may lose access to their IT accounts without notice and they may not be re-enabled quickly.
  • NUIT may need access to any IT system that is being used.
  • They might have to remove PCs, servers or other devices if found to be impacted, in order to perform detailed investigations.

During the ongoing investigations, students and employees will only have access to a limited set of IT services including Office365 (email, Office apps, and Teams comm channels), SAP core services via the client (the web interface is still down), and Zoom.

All students and staff are advised to copy essential files from the university’s shared drive to their OneDrive accounts. The university added that only essential files must be transferred and that they must not be copied or sent to users’ personal accounts.

Newcastle University has said only that it suffered a cyber-attack, while the DoppelPaymer ransomware operators claim to be responsible for it.

The operators also shared 750Kb worth of stolen data as proof on their data leak site ‘Dopple Leaks.’

DoppelPaymer is a ransomware operation known for attacking enterprise targets since at least mid-June 2019. Its operators gain access to admin credentials and use them to compromise the entire network and deploy the ransomware payloads to all devices.

They also demand large ransoms since their attacks have been known to encrypt hundreds and even thousands of systems on their victims’ networks.

Image Credits : Newcastle University

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
