Cyberattack Paralyzes La Sapienza University, Disrupting Operations for Days
La Sapienza University in Rome, one of Europe’s largest educational institutions with approximately 120,000 students, has been grappling with a significant cyberattack that has incapacitated its computer systems for several days. The disruption began on February 2, 2026, when the university detected unauthorized access to its IT infrastructure.
In response to the breach, La Sapienza proactively shut down its network systems to safeguard data integrity and prevent further damage. This precautionary measure has led to widespread operational disruptions, affecting educational activities, administrative functions, and internal communications. As of February 6, 2026, the university’s official website remains inaccessible, and many digital services are still offline.
The cyberattack has been attributed to a ransomware incident involving the BabLock malware, also known as Rorschach. This sophisticated malware is capable of encrypting data rapidly, rendering systems inoperable. The perpetrators, identified as the hacker group Femwar02, have reportedly demanded a ransom of €1 million to restore access to the encrypted data. Notably, the attackers have set a 72-hour countdown for the ransom demand, which commences only when the ransom note link is accessed. To avoid triggering this countdown, university officials have refrained from opening the link.
The compromised data encompasses a wide range of sensitive information, including administrative and financial records, academic research data, student and faculty portal information, and internal communication logs. The exact number of individuals affected by the breach has not been disclosed.
In the wake of the attack, La Sapienza has established a technical task force dedicated to analyzing the incident and initiating the cleanup of the affected infrastructure. The university is collaborating closely with Italy’s National Cybersecurity Agency (Agenzia per la Cybersicurezza Nazionale, or ACN) and the Postal Police to investigate the breach and implement remediation measures. Recovery efforts are currently focused on restoring critical services using unaffected backups.
The incident has caused significant disruption to the university community, impacting educational, research, and administrative functions. Students and staff have been advised to monitor their accounts for unauthorized access and to implement multi-factor authentication once the network is restored. Security professionals recommend heightened vigilance against potential phishing attacks and unauthorized access attempts.
This cyberattack on La Sapienza is part of a troubling trend of ransomware incidents targeting educational institutions across Europe. In recent months, several universities have fallen victim to similar attacks, leading to operational disruptions and data breaches. For instance, the Eindhoven University of Technology in the Netherlands experienced a cyberattack in January 2025, resulting in the suspension of lectures and educational activities. Similarly, the University of Zurich in Switzerland confirmed a serious cyberattack in February 2026, which led to the suspension of IT services for an extended period.
These incidents underscore the growing threat of cyberattacks on educational institutions, which often possess vast amounts of sensitive data and may lack the robust cybersecurity measures found in other sectors. The attacks highlight the need for universities to invest in comprehensive cybersecurity strategies, including regular system updates, employee training, and the implementation of advanced threat detection and response mechanisms.
As La Sapienza works diligently to restore its systems and secure its infrastructure, the incident serves as a stark reminder of the vulnerabilities present in the digital landscapes of educational institutions. It also emphasizes the importance of proactive cybersecurity measures and the need for continuous vigilance in the face of evolving cyber threats.
