Today's cybersecurity headlines are brought to you by ThreatPerspective
Ethical Hacking News

La Sapienza University Hit by Sophisticated Ransomware Attack, Leaving Thousands Without Access to Education


La Sapienza University of Rome has been hit by a sophisticated ransomware attack, leaving thousands without access to their educational resources. The university's IT systems remain offline as it struggles to recover from the incident.

  • La Sapienza University of Rome suffered a highly sophisticated ransomware attack.
  • The attack left the institution's IT systems offline and thousands of students without access to their educational resources.
  • The attack is attributed to a pro-Russian threat actor called Femwar02 using the Rorschach ransomware strain.
  • Check Point estimated that Rorschach was built from leaked sources of Babuk, LockBit v2.0, and DarkSide, indicating a high level of sophistication.
  • The university's website is currently unavailable, but temporary infopoints provide information to students through digital systems.
  • A ransom exists, but the university staff has chosen not to open it due to concerns about a potential 72-hour timer.
  • Cybersecurity experts urge students and staff to remain vigilant for phishing attacks and monitor their accounts for suspicious activity.



    • In a disturbing turn of events, Italy's largest university, La Sapienza University of Rome, has fallen victim to a highly sophisticated ransomware attack. The cyberattack, which occurred in recent days, has left the institution's IT systems offline and thousands of students without access to their educational resources.

    According to reports, the university first disclosed the incident on social media, stating that its IT infrastructure had been targeted by a cyberattack. As a precautionary measure, the organization immediately shut down network systems to prevent further damage or data loss.

    While the specifics of the attack remain unclear, Italian newspaper Corriere Della Sera has claimed that the incident is attributed to a pro-Russian threat actor called Femwar02, who employed the notorious Rorschach ransomware strain. This particular strain of malware, which first emerged in 2023, features fast encryption speeds and extensive customization options.

    Cybersecurity company Check Point estimated that the Rorschach ransomware was built from bits of leaked sources of Babuk, LockBit v2.0, and DarkSide. This suggests a level of sophistication and planning on the part of the attackers.

    The attack has resulted in significant operational disruptions for La Sapienza University, with many of its systems currently offline. While the university's website remains unavailable, temporary "infopoints" have been set up to provide information to students through digital systems and databases that are currently inaccessible.

    It is worth noting that a ransom exists, but the university staff has chosen not to open it, fearing that doing so may trigger a 72-hour timer. Consequently, the ransom amount has yet to be specified.

    As La Sapienza University struggles to recover from this devastating cyberattack, cybersecurity experts urge students and staff to remain vigilant for phishing attacks and to monitor their accounts for suspicious activity. The risk of stolen data being disseminated or sold to data extortion groups remains significant, making it essential for the university community to exercise extreme caution.

    The recent attack on La Sapienza University serves as a stark reminder of the ever-present threat posed by ransomware attacks and the importance of robust cybersecurity measures in protecting against such threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/La-Sapienza-University-Hit-by-Sophisticated-Ransomware-Attack-Leaving-Thousands-Without-Access-to-Education-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/

  • https://www.italianinsider.it/?q=node/13905

  • https://roma.corriere.it/notizie/cronaca/26_febbraio_04/attacco-hacker-alla-sapienza-la-gang-femwar02-e-il-virus-bablock-falla-nella-sicurezza-e-ricatto-da-un-milione-di-euro-a4a7e874-4eb6-4b99-82a4-74a432d15xlk.shtml

  • https://corriereuniv.it/attacco-hacker-alla-sapienza-la-gang-femwar02-e-il-virus-bablock-ricatto-da-un-milione-di-euro/

  • https://research.checkpoint.com/2023/rorschach-a-new-sophisticated-and-fast-ransomware/

  • https://www.darkreading.com/cyberattacks-data-breaches/rorschach-ransomware-what-you-need-to-know

  • https://attack.mitre.org/software/S0638/

  • https://www.sentinelone.com/anthology/babuk/

  • https://www.sentinelone.com/anthology/lockbit-2-0/

  • https://attack.mitre.org/software/S1199/

  • https://www.fortinet.com/resources/cyberglossary/darkside-ransomware

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-131a

  • https://securityaffairs.com/187570/apt/notepad-infrastructure-hack-likely-tied-to-china-nexus-apt-lotus-blossom.html

  • https://cybernews.com/security/state-sponsored-hackers-behind-notepad-plus-plus-hack/

  • https://securityboulevard.com/2025/03/a-deep-analysis-of-the-ransomware-group-babuk2s-recent-activities/

  • https://www.guidepointsecurity.com/blog/ongoing-report-babuk2-babuk-bjorka/

  • https://en.wikipedia.org/wiki/LockBit

  • https://en.wikipedia.org/wiki/DarkSide_(hacker_group)

  • https://www.heritage.org/cybersecurity/commentary/what-we-know-about-darkside-the-russian-hacker-group-just-wreaked-havoc

  • https://www.socinvestigation.com/comprehensive-list-of-apt-threat-groups-motives-and-attack-methods/

  • https://www.quorumcyber.com/wp-content/uploads/2023/07/Quorum-Cyber_Rorschach-Ransomware-Report.pdf


    • Published: Thu Feb 5 13:44:00 2026 by llama3.2 3B Q4_K_M


    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us