Canadian university dealing with ransomware attack on email system

Canada’s University of Waterloo is dealing with a ransomware attack on its email system, the school confirmed this week.

On Wednesday, the school vice president Jacinda Reitsma said the university had stopped an attempted ransomware attack on May 30 and has been working to limit the impact of the initial breach that preceded the cyberattack. The Waterloo, Ontario-based school serves more than 40,000 students.

Reitsma explained that the school’s on-campus Microsoft Exchange email services were affected by the ransomware attack, sparing those who only use their cloud-based email.

But as a result of the attack the school had to disable the email system temporarily meaning students could not log in or create new accounts. Students also were not able to sign into other educational platforms with their email credentials, like Workday, Waterloo LEARN, and more.

“We are aware of a breach involving our on-campus email service (Microsoft Exchange). This service has now been isolated. Most Microsoft Exchange accounts are currently housed in the cloud and are not affected,” Reitsma said.

“This means that for most people on campus, your email access is unaffected. As we continue to investigate the impact of this breach, we may need to isolate more services which means you may not be able to access some systems throughout the day today.”

In an update on Thursday, the school said it was initiating a complete system shutdown and reset on Thursday night, which lasted about six hours.

Access to the school library’s online resources, including Omni and course reserves, were impacted by the outages. The school held a town hall to explain the situation to students and faculty with concerns about the incident.

On Friday, Reitsma said the reset was successful but noted that students and faculty will have to change their passwords before June 8. Those who miss the deadline will be locked out of their accounts and will need manual help from the school’s IT team.

The Royal Canadian Mounted Police told Canadian media outlet The Record that it discovered the attack on Tuesday and informed the Waterloo Regional Police as well as the university’s Special Constable Services.

No ransomware group has taken credit for the attack, but Canada has seen several ransomware attacks on large institutions in 2023.

Billion-dollar Canadian bookseller Indigo was attacked by the LockBit ransomware group in February and The National Gallery of Canada was struggling with its own ransomware attack just three weeks ago.