For more than five weeks, the TU Berlin has been working to repair the consequences of a serious hacker attack on the university’s IT systems. Until the central IT services are up and running again, however, it will be "still take several months", a TU spokeswoman told our site. The focus was initially on the most urgently needed services.
At the same time, dependencies between different systems had to be taken into account, "which may require a certain sequence of restarts", said the spokesperson. In addition, there is a "backlog of incidents". It is not yet possible to estimate what costs the attack has already caused or will cause.
No testing without SAP
The IT emergency team, which was set up after the attack at the end of April, aims to have the core SAP system up and running again by the end of June, according to its priority list. There will be no portal access to it for the time being, so students will not have access to a self-service kiosk over the net for the time being.
Gabriel Tiedje from the General Students’ Committee (AStA) had previously complained to Inforadio that the entire student administration via SAP was not accessible. Without online call registration and access to transcripts, students could not complete the semester, graduates could not apply or register for a master’s degree at other universities. Work is underway to find transitional solutions with other universities.
Exchange from mid-July
Before that, another password change is planned for mid-June. This should make it possible to use WLAN and VPN tunnels in the near future. The own tubCloud is available again since 28. May, e-mail will initially only be available as a temporary emergency e-mail service. E-mails received from 30. April are to be retrievable via this service, as they have been temporarily stored since then. Employees and students should be able to access the actual Exchange e-mail server again from mid-July. Other services and applications are to follow gradually.
According to forensic experts, the cybercrime gang Conti is behind the attack with the smuggled-in encryption Trojan. It is located in Russia. However, there was no exchange with the group or a lottery ticket, the spokeswoman reported. After the ransomware attack on the Irish health administration, Conti had ied decryption software free of charge. Such a "gift" TU did not receive such a gift, according to its own information.
According to an information website of the university on the restrictions, the financial administration could not pay the salaries for the staff in the usual form, among other things, due to the blockade. The funds for May were therefore based on the data from April "with reservation". Any overpayments or underpayments are to be offset or compensated for in the following month. In general, in the area of personnel, currently only "emergency procedures" processed.