Memorial University confirms cyberattack on Grenfell Campus involved ransomware

Posted: January 17, 2024 12:40 pm | Last Updated: January 17th, 2024 8:06 pm
By Web Team

SHARE




video
play-sharp-fill

Memorial University has confirmed the cyberattack on Grenfell campus during the Christmas break was a ransomware attack.

The university says an unauthorized third party gained access to the Grenfell Campus network and encrypted data on a number of servers and workstations. As a result, Grenfell IT services were rendered unavailable.

Since discovering the incident, a team of university experts has been working with external cybersecurity experts to mitigate impacts on academic, research, student and administrative activities at Grenfell Campus. Memorial’s containment efforts have included isolating the Grenfell network, collecting and analyzing evidence, implementing additional security measures and monitoring tools, scanning and ensuring the safety of data before restoring it in a safe and controlled environment and resetting passwords, among others. 

Thanks to these collective efforts, in-person classes at Grenfell Campus resumed on Jan. 8. IT systems and services on the St. John’s campus, which were not impacted by the incident, were extended to the Grenfell Campus to speed up recovery efforts. Work to recover systems involved in this incident is underway. Recovery will take several weeks and services and systems will look different than they did before this incident.

At this time, the university does not have any evidence that any personal information was compromised in this incident. If the investigation determines that personal information was compromised, it will advise the Office of the Information and Privacy Commissioner of Newfoundland and Labrador (OIPC) and directly notify impacted individuals as appropriate.

Memorial is cooperating fully with law enforcement. The incident was reported to the National Cybercrime Coordination Centre, a unit of the RCMP, on Dec. 30. The Royal Newfoundland Constabulary was advised of the incident on the same date. It has also been reported to the Centre for Cyber Security and the Canadian Anti-Fraud Centre. We have provided a courtesy notice to OIPC out of an abundance of caution.

The university will continue to provide updates on mun.ca/updates as information is available.

Scroll to top Hide picture