Rome’s La Sapienza University is continuing to experience major operational disruption after a cyber intrusion forced administrators to take its digital infrastructure offline as a safety measure. The shutdown began on February 2 and has affected core online services used by students, faculty, and administrative staff.
Since the incident, students have been unable to complete basic academic and administrative tasks such as registering for examinations, viewing tuition-related records, or accessing official contact information for teaching staff. With internal platforms unavailable, the university has relied mainly on its social media channels to share updates. These notices have acknowledged the disruption but have not provided detailed technical explanations or a confirmed date for when full access will be restored.
University officials confirmed that their systems were deliberately powered down to contain the threat and to prevent malicious software from spreading to other parts of the network. Emergency shutdowns of this kind are typically used when there is a risk that an attack could compromise additional servers, user accounts, or stored data. This response suggests that the incident involved harmful software capable of moving across connected systems.
According to publicly available reporting, the disruption was caused by ransomware, a category of cyber attack in which criminals attempt to lock organizations out of their own systems or data. Some media sources have claimed that a newly observed cybercrime group may be linked to the breach and that a ransomware variant referred to in security research as Bablock, also known as Rorschach, may have been involved. These attributions are part of ongoing assessments and have not been formally confirmed by authorities.
Technical analyses cited in public reporting describe this malware family as drawing components from previously leaked cybercrime tools, allowing attackers to combine multiple techniques into a single, highly disruptive program. Such ransomware is designed to operate rapidly and can spread across large digital environments, which helps explain the scale of the disruption experienced by one of Europe’s largest universities by student enrollment.
The university has formally reported the incident to Italian law enforcement and to the National Cybersecurity Agency, both of which are now involved in the investigation and response. Administrators have stated that emergency management is being coordinated across academic offices, administrative departments, and student representatives, with discussions underway to introduce deadline extensions and flexible arrangements to limit academic harm.
Due to the ongoing shutdown of internal systems, campus information desks are currently unable to access digital records that would normally support student inquiries. Updates about service availability and office hours are being shared through official faculty social media pages.
Meanwhile, technical teams are examining the full scope of the breach before restoring systems from backups. This step is necessary to ensure that no malicious code remains active. It is still unclear whether all stored data can be fully recovered or whether some information may remain inaccessible following the attack.
