Italian university La Sapienza still offline to mitigate recent cyber attack

Rome’s La Sapienza University was hit by a cyberattack that disrupted IT systems and caused widespread operational issues.

Since February 2, Rome’s La Sapienza University, one of the most important Italian universities, has been offline due to a cyberattack. For days, students have been unable to book exams, check tuition payments, or access faculty contacts. The university has mainly communicated via social media, offering limited details and no clear timeline for full restoration.

The university only confirmed it was a victim of a cyber attack, it also added that was forced to shut down its infrastructure to mitigate the attack and prevent the threat from spreading, a circumstance that suggests a ransomware attack.

“As a precautionary measure, and in order to ensure the integrity and security of data, an immediate shutdown of network systems has been ordered,” the organization said.

Public reports confirm that the University suffered a ransomware attack that disrupted its operations. Some media reported that a new Russian cybercrime group tracked as Femwar02 is behind the attack

““What appears certain is the use of a next-generation ransomware strain known as ‘Bablock,’ the most widely used and destructive in 2025. The same malware was allegedly used by the previously unknown ‘Femwar02’ crew to breach Sapienza University’s IT systems two days ago and bring them to a standstill.” reported the Italian media outlet La Stampa. “This form of extortion malware, employed by criminal groups, typically avoids encrypting devices set to Russian or other post-Soviet languages, which has fueled concrete suspicions—confirmed by investigators—that the attack on Europe’s largest university by enrollment, with around 122,000 students, was carried out by a pro-Russian group.””

“Cyber ​​Attack Update (February 3, 2026) Sapienza is managing the emergency in a unified and coordinated manner, meeting all deadlines within its remit and working in conjunction with the other institutions involved.” reads an update published by the university. “Decisions are being made in close coordination with offices, learning and administrative structures, and student representatives on the University’s governing bodies, evaluating extensions and flexible arrangements to protect careers.”

The university reported the incident to law enforcement and Italian National Cybersecurity Agency (ACN), who are involved in the response.

“Due to the IT infrastructure shutdown, the Infopoints will not be able to provide further information that, under normal circumstances, would require access to digital systems and databases” reads the last update. “[more details on the opening hours and days of the Infopoints are on the social media pages of the individual faculties]”

The media report links the security breach to Bablock/Rorschach ransomware based on malware traits and tactics. First seen in 2023, this malware family borrows code from leaked Babuk, LockBit v2.0, and DarkSide code.

As the investigation continues, university technicians are working to determine the scope of the security breach before restoring data from backups. It’s also unclear whether the backups contain all data or if some remains inaccessible after ransomware encryption.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, La Sapienza)