40,000 students forced to queue for new passwords after 'severe' cyber attack

Legal quirk means German university students must receive new passwords in person following a password reset

Tens of thousands of university students in Germany have been forced to queue up to receive new passwords following a mass-password reset spurned by a recent security incident.

The University of Giessen’s (JLU) 38,000 students are being issued with new passwords in person due to a legal oddity that means they can’t be notified through email, as is conventionally done after a credential reset.

Because the institution is part of the German National Research and Education Network (DFN), the students may only receive their new passwords in person as part of a legal requirement to be members of the body, JLU has confirmed.

Students are also being asked to bring a valid form of ID, and their personalised JLU photocard embedded with a chip to prove their identity. Moreover, the university has released a structured timetable for collection, with users asked to queue up during different time slots throughout this week based on their month of birth.

The password reset was deemed necessary after a suspected cyber attack almost ten days ago knocked JLU’s services offline. The incident was described as ‘severe’ in an open letter penned by the president of JLU Professor Dr Joybrato Mukherjee and required that the university shut down its servers.

JLU was taken offline on Sunday 8 December as a result of the attack, with all email systems and internal networks out of action, and no fixed date as to when all services will be back online. 

These actions also meant the entire examination administrative system was taken offline, so students can’t be provided with degree certificates, transcripts or records of any exam certificates until services are restored.

JLU established a crisis management committee, led by the body's president, and has been working with authorities and cyber security experts to establish the extent of the damage and to aid in any ongoing investigations.

More than a thousand USB sticks loaded with anti-virus software are also being distributed en masse to professors, institutes and departments within the university. This is so that individuals can scan JLU's IT systems for any traces of malware.

Computer systems granted a clean bill of health will receive a green sticker, before individuals embark on a second wave of anti-virus scanning, scheduled to take place today.

While the first wave of anti-virus scanning searches for generic virus types, this second wave contains a scan that’s highly specified to the strain of malware that targeted the university.

JLU has had to conuct a scan of its computer systems in two waves because it was initially difficult to integrate the more specific anti-malware scanner into the existing anti-virus software.

However, this has now been achieved, and the second wave will be an all-encompassing anti-virus scan for both generic forms of malware as well as the new strain that targeted JLU.

Featured Resources

How to be an MSP: Seven steps to success

Building your business from the ground up

Download now

The smart buyer’s guide to flash

Find out whether flash storage is right for your business

Download now

How MSPs build outperforming sales teams

The definitive guide to sales

Download now

The business guide to ransomware

Everything you need to know to keep your company afloat

Download now

Recommended

New report highlights the need for diversity in cyber security recruitment
cyber security

New report highlights the need for diversity in cyber security recruitment

28 Apr 2021

Most Popular

KPMG offers staff 'four-day fortnight' in hybrid work plans
flexible working

KPMG offers staff 'four-day fortnight' in hybrid work plans

6 May 2021
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

29 Apr 2021
How to move Windows 10 from your old hard drive to SSD
operating systems

How to move Windows 10 from your old hard drive to SSD

30 Apr 2021