Trending:
Cybersecurity

Sapienza University ransomware attack: recovery underway, backup segmentation likely limited damage

Italy's largest university shut down its network on February 2 after a suspected ransomware attack. The fact that backup systems remained intact suggests either effective network segmentation or limited initial compromise. Recovery timeline remains unclear.

The Biggish Editorial ·
Sapienza University ransomware attack: recovery underway, backup segmentation likely limited damage Photo by Brett Sayles on Pexels

Sapienza University of Rome took its entire network offline on February 2, 2026, following a suspected ransomware attack. The university's website and Infostud portal (used for exam booking and academic records) went dark. Italy's National Cybersecurity Agency is now on-site supporting recovery efforts.

What's notable: Sapienza's backup systems were unaffected. This is significant. Either the university had proper network segmentation in place, or the attackers didn't fully compromise the environment before detection. Both scenarios suggest faster recovery than worst-case ransomware incidents, which typically see backup destruction as a primary attack objective.

The university hasn't disclosed recovery timelines or confirmed whether this was ransomware versus another attack type. No threat actor has claimed responsibility. What we do know: a technical task force is restoring services gradually from those clean backups.

This fits a broader pattern. January 2026 saw at least seven major ransomware incidents across public sector and critical infrastructure: Romanian energy systems, South Korean education technology, US federal contractors. Universities remain attractive targets due to valuable research data, student PII, and typically constrained security budgets spread across distributed IT governance.

The threat landscape is shifting. Recent intelligence shows only 8% of LockBit victims paid ransoms in 2025. Attackers increasingly focus on data exfiltration and extortion threats rather than encryption. Recent incidents involved 200GB+ data theft, with ransom demands ranging from tens of thousands to $10 million.

For enterprise leaders, the takeaway isn't just "have backups." It's "segment your backups from production networks" and "test restoration procedures regularly." Sapienza appears to have done at least the first part right. The second part—how quickly they can actually restore operations—is what we're watching now.

The university has not provided estimated recovery timelines or confirmed impacts on teaching schedules and examination periods.

Tags:
education cybersecurity incident-response ransomware italy

Related Articles

Zero-day exploits are boardroom risks, not IT problems
Cybersecurity

Zero-day exploits are boardroom risks, not IT problems

Zero-day vulnerabilities - software flaws exploited before vendors know they exist - are shifting from rare technical glitches to strategic business risks. With 83 exploits reported in 2021 (double the previous year) and identity platforms becoming prime targets, the question for leadership isn't 'are we protected?' It's 'how do we detect what we can't see?'

Feb 3, 2026