Cyberattack Forces Network Shutdown at Rome’s La Sapienza University

Europe’s largest university faces major disruption as investigators probe a suspected ransomware attack.

A major cyber incident has disrupted IT operations at Sapienza University of Rome, commonly known as La Sapienza. The university confirmed that attackers targeted its IT infrastructure, forcing administrators to shut down network systems to protect data integrity.

University officials disclosed the incident earlier this week through social media. They ordered an immediate network shutdown as a precautionary measure. As a result, multiple digital services remain unavailable.

Widespread Disruption Across Campus

La Sapienza hosts more than 112,500 on-campus students, making it the largest university in Europe by enrollment. Following the attack, the institution notified authorities and assembled a dedicated technical task force to manage containment and recovery.

At the time of writing, the university’s official website remains offline. Updates published on Instagram show that recovery efforts continue. Meanwhile, administrators have established temporary “infopoints” to help students access essential information while core systems stay down.

Suspected Ransomware Involvement

The university has not officially confirmed the attack type or identified the threat actor. However, Italian newspaper Corriere Della Sera reports that a pro-Russian ransomware group known as Femwar02 likely carried out the attack.

According to the report, attackers encrypted systems using malware that resembles Bablock/Rorschach ransomware. This ransomware family first appeared in 2023 and gained attention for its extremely fast encryption speed and flexible configuration.

Cybersecurity researchers believe the strain draws code from leaked components of Babuk, LockBit v2.0, and DarkSide. Check Point previously assessed Rorschach as a composite project built from multiple ransomware sources.

Incident Response and Recovery Efforts

Sources indicate that a ransom demand exists, but university staff have not opened it. This decision reportedly avoids triggering a 72-hour countdown timer, leaving the ransom amount undisclosed.

Technical teams are now restoring systems from backups that appear unaffected. They are working alongside:

• Italian CSIRT
• Agenzia per la Cybersicurezza Nazionale
• Polizia Postale

These coordinated efforts aim to bring critical services back online while preserving forensic evidence.

Ongoing Risk to Students and Staff

Rorschach-style ransomware groups do not always run public leak sites. However, attackers may still sell or share stolen data with extortion-focused groups. Therefore, the risk of future data exposure remains real.

University officials urge students and staff to stay vigilant. They recommend avoiding unsolicited messages, refusing unknown links, and monitoring accounts for suspicious activity.

This incident once again highlights how educational institutions remain high-value targets due to large user populations, legacy systems, and operational pressure to restore services quickly.