
Sapienza University Cyberattack: Europe's Largest Remains Offline After Massive Ransomware Disruption


What Happened at Sapienza University?

Rome's Sapienza University, known formally as Università degli Studi di Roma "La Sapienza," stands as Europe's largest university by enrollment, boasting over 115,000 students across 11 faculties and numerous departments. Founded in 1303, it has long been a cornerstone of Italian and European higher education, renowned for its contributions to medicine, engineering, humanities, and sciences. The recent cyberattack has thrust this historic institution into the global spotlight, highlighting the vulnerabilities of modern university infrastructures.

The incident unfolded around February 1, 2026, when anomalous activity was detected in the university's IT systems. By February 2, Sapienza confirmed via social media that its infrastructure had been targeted, prompting an immediate precautionary shutdown of network systems to safeguard data integrity. This drastic measure left the main website, student portals, and internal networks inaccessible, marking one of the most significant disruptions to hit a European university in recent years.

Detailed Timeline of the Sapienza Cyberattack

Understanding the sequence of events provides critical context for the scale of the disruption. Here's a step-by-step breakdown based on official updates and reports:

  • February 1: Initial breach detected; suspected initial access via phishing or exploited vulnerability in outdated software.
  • February 2: University activates emergency protocols, shuts down systems, and notifies Italy's Agenzia per la Cybersicurezza Nazionale (ACN).
  • February 3: First public statement on Instagram; infopoints established on campus for student support.
  • February 4-5: Restoration attempts from clean backups begin; website remains offline.
  • February 6-8: Systems still offline as investigations continue; exams proceed manually via professors.

As of February 8, 2026, full operations have not resumed, with technicians coordinating with national authorities.

The Nature of the Ransomware Attack

Ransomware, a type of malicious software that encrypts files and demands payment for decryption keys, is the prime suspect. Specifically, indicators point to BabLock (also known as Rorschach), a sophisticated strain first identified in 2023. This malware combines code from notorious families like Babuk, LockBit 2.0, and DarkSide, enabling rapid encryption of large datasets.

The attackers, tracked as Femwar02—a newly emerged pro-Russian threat actor—allegedly left a ransom note with a 72-hour countdown timer that activates only upon opening. Sapienza staff wisely avoided this to prevent escalation. The malware's design spares systems in Russian or post-Soviet languages, hinting at geopolitical motivations amid ongoing European tensions.

TechCrunch Report

Immediate Operational Impacts on Students and Faculty

With over 120,000 users affected, the outage has ripple effects across campus life. The Infostud platform—essential for exam bookings, tuition payments, grade checks, and faculty communications—is inaccessible, forcing manual processes. Students must now coordinate directly with professors for assessments, while administrative tasks like degree applications have seen deadlines extended.

Faculty report limited email access, hindering research collaborations and lecture preparations. Research labs relying on networked servers face delays in data analysis and grant submissions. For international students, particularly those in Europe-wide programs, visa and mobility services are stalled. Yet, in-person classes and exams continue, showcasing resilience.


University Response and National Support

Sapienza formed a technical task force immediately, prioritizing isolation and backup restoration. Temporary infopoints on campus offer in-person guidance, though limited by digital dependencies. Communications shifted to Instagram, ensuring transparency without compromising security.

Italy's ACN, Polizia Postale, and CSIRT are deeply involved, analyzing the breach scope and attributing tactics. No payment has been made, aligning with no-ransom policies recommended by experts. Recovery involves rigorous verification of backups to avoid re-infection.


Attribution to Femwar02 and Geopolitical Context

Femwar02, a nascent group, mirrors tactics of state-aligned actors disrupting Western institutions. The malware's selective avoidance of encrypting Russian-language systems suggests hybrid warfare elements, possibly retaliation for EU sanctions. While no official claim has appeared on dark web portals (Rorschach doesn't maintain one), data exfiltration risks loom under GDPR scrutiny.

Security Affairs Analysis

Broader Implications for European Higher Education

This incident underscores rising cyber threats to universities, valuable targets due to vast research data, intellectual property, and lax security in legacy systems. In 2025, education saw 251 global ransomware incidents, with Europe experiencing a 21% surge in attacks per GÉANT reports.

Stakeholders—students losing learning time, faculty pausing research, admins overwhelmed—face long-term effects like delayed graduations and funding risks. European unis must bolster defenses amid geopolitical strains.

Statistics on Cyber Threats to Universities

Key data reveals the crisis:

  • Education orgs faced 4,356 weekly attacks in early 2025, up 41% YoY (Check Point).
  • 39% of European pros report more attacks (ISACA 2025).
  • ENISA notes ransomware as top threat for EU institutions.


Similar Cyber Incidents in European Higher Ed

Sapienza isn't alone. Eindhoven University of Technology (Netherlands, Jan 2025) suffered a breach disrupting exams. Other cases include UK and German unis hit by LockBit variants. Patterns: phishing entry, lateral movement, encryption. Lessons: segment networks, train staff.

Best Practices and Solutions for Universities

To fortify defenses:

  • Implement multi-factor authentication (MFA) everywhere.
  • Regular vulnerability scans and patch management.
  • Immutable backups offline.
  • Cybersecurity training: simulate phishing quarterly.
  • Zero-trust architecture to limit breach spread.

ENISA's Threat Landscape 2025 advocates EU-wide collaboration. Institutions adopting these reduce recovery time by 50%.


ENISA Report

Future Outlook and Recovery Prospects

Sapienza aims for phased restoration, potentially weeks away. Long-term, expect enhanced cybersecurity investments, possibly EU funding boosts. For higher ed pros, this era demands resilience; explore higher ed jobs with robust IT.

Stakeholder perspectives: students seek transparency, faculty prioritize research continuity, admins focus on compliance.

Navigating Careers in a Cyber-Threatened Higher Ed Landscape

As disruptions mount, professionals can pivot: rate experiences at Rate My Professor, seek stable roles via university jobs, or upskill through career advice. Post a vacancy at post a job to attract talent undeterred by risks. Sapienza's saga reminds us: preparedness ensures continuity.

About the author

Gabrielle Ryan

Academic Jobs In House Author


Frequently Asked Questions

🔒What caused the Sapienza University cyberattack?

The outage stems from a suspected BabLock ransomware attack by Femwar02, encrypting systems and prompting shutdown.

👨‍🎓How many students are affected by the La Sapienza outage?

Over 115,000-120,000 students face disruptions in portals like Infostud for exams and admin tasks.

💰Is Sapienza University paying the ransom?

No, staff avoided opening the note to prevent a 72-hour timer, focusing on backups instead.

What is the current status of Sapienza systems?

As of Feb 8, 2026, website and networks remain offline; recovery ongoing with ACN support.

🌐Who is behind the Femwar02 group?

A pro-Russian actor using Rorschach-like malware, targeting Western institutions selectively.

📚How has the cyberattack impacted exams at Sapienza?

Exams continue manually via professors; bookings paused, deadlines extended.

⚠️What are common ransomware tactics against universities?

Phishing, unpatched software; education saw 251 attacks in 2025.

🇮🇹How is Italy responding to the Sapienza incident?

ACN, Polizia Postale investigating; aligns with EU cybersecurity frameworks.

🛡️What best practices prevent university cyberattacks?

MFA, offline backups, training; zero-trust models recommended.

📤Will Sapienza data be leaked?

Unconfirmed exfiltration; GDPR risks high if stolen.

🗺️Similar attacks on other European universities?

Yes, Eindhoven Tech 2025; rising trend per ENISA.