‘Our on-premises email server was compromised’ — University of Waterloo interrupts suspected ransomware attack

WATERLOO — The University of Waterloo is assessing the impacts of a suspected ransomware attack on its online systems on Tuesday.

The university said it interrupted the suspected attack while it was still in progress.

“We know that our on-premises email server was compromised,” said Waterloo spokesperson Rebecca Elming on Thursday. “Fortunately, 99.9 per cent of our email users are not affected because their email services are hosted in the cloud.”

There were 12 individuals using the on-premise exchange server who have been affected, she said; none were students. The university was not able to say whether they were staff or faculty.

It is not clear what type of information the attackers were after, and they have not contacted the university with any demands, Elming said.

The RCMP discovered the attack on Tuesday, and then notified Waterloo Regional Police and the university’s Special Constable Services.

The university then acted quickly to interrupt the attack by physically shutting down the exchange server on site, Elming said.

The university’s IT team is working to assess whether any other online systems were affected and is continuing to take steps to secure systems and data.

The regional police cybercrime unit said Thursday it is aware of the cyber-incident but that the RCMP is the investigating agency.

Students, staff and faculty have been getting regular communication since the university was first notified of the suspected attack on Tuesday, said Elming.

The university will require everyone who accesses its systems to reset their password starting Friday as part of its security response to the incident

“We are fortunate that the prompt actions of law enforcement agencies, our internal IT teams, Microsoft and external cybersecurity partners acted quickly to identify and respond to this threat to avoid the worst outcomes,” she said.

SHARE: