It may seem from its name that it is not something very serious. Protect Your System Amigo is the expansion of the acronym Pysa, the name of the computer virus that attacked the Autonomous University of Barcelona (UAB) two weeks ago. However, the effects of this parasite have turned a campus that was just getting back to normal after three convulsive semesters due to the covid pandemic. The university's internal network continues to be knocked out, with a long recovery perspective, at the end of the year, to be able to face the exams in January and February and the procedures at the end of the semester. The rectorate has approved a resolution of a two-month moratorium for administrative processes.
The UAB owns some 10,000 personal computers, which are currently undergoing screening to find out which ones can be moved over the Internet again without risk of reinfection. The Faculty of Law, for example, has made an appeal on Twitter to professors to bring their laptops to the secretariat to be analyzed. "We are putting green or red stickers on the equipment," explains the rector's commissioner for ICT, Jordi Hernández. "It is very complex to leave everything clean and you have to have this certainty before opening the door to and from the internal network", reflects the UOC professor, expert in cybersecurity, Jordi Serra, to justify the recovery period of weeks to come proposed by the UAB.
If during the outbreak of the coronavirus the face-to-face world had to find its place on the Internet, now the digital services of the UAB infected by Pysa, a virus that can be bought on the black market, have to reinvent themselves within the Internet itself. Professors who send documentation to class delegates via WhatsApp or the creation of parallel web pages that are simpler than usual, such as the library page, the communication page, or the university's main page, are some of the examples. Attendance also gains weight. In the case of mid-term exams, handwritten exams are now the easiest to manage. Services such as email, classroom management, the assignment of tutors to final year projects and access to some academic articles on payment platforms have been disabled by the attack on a network that serves 37,000 students and 4,000 teachers .
Serra believes it is quite likely that the cybercriminals who attacked the UAB had been inside the system for days, trying to affect as many resources as possible, even routers or the backup copies themselves. “And you can't format everything. You have to isolate computers to see how they behave”, points out the UOC professor. The Pysa Trojan, when it enters a system, mutates to avoid being detected by antiviruses. Then, he encrypts the information and leaves it inaccessible, together with the request for an economic reward that the UAB, due to its public nature, does not plan to pay.
It was in the early hours of October 11 that the UAB became aware of the attack. The first step towards recovery was a week ago, when the campus restored Wi-Fi connection to be able to consult the internet. Clean computers can now also be connected to cable points. After the bridge on November 1, the UAB plans to recover the email service and, in the middle of the month, the Microsoft Teams tool, which will temporarily supply Virtual Campus services (where the student-teacher relationship is centralized) such as the teacher evaluations.
The rector of the UAB, Javier Lafuente, issued a resolution at the end of last week to suspend the deadlines in the administrative processes of the university with a validity of two months from the cyberattack. Two examples that have been affected: a call for aid for the requalification of the Spanish university system and a competitive examination by the administrative body. Hernández explains that the effects of the crime, which the Mossos d'Esquadra are investigating, will last until 2022, since the different affected resources are being arranged in a queue of priorities. In general, the person in charge of ICT finds it difficult to establish dates.
Demand for more IT
Of the UAB's 120 ICT technicians, about twenty work exclusively on rebuilding the computer system, although the rest also tackle it indirectly. Hernández estimates that between 10 and 15 more highly qualified people would be needed. For this reason, the UAB has requested financial aid from the Department of Research and Universities to deal with this contract, in addition to paying for other cybersecurity software services. "At the moment we have the commitment," says Hernández, who cannot set an economic amount for said aid.
The rector's commissioner for ICT sees that the situation at the UAB will accelerate the Government's concern about cybersecurity. Last week, the Vice President of the Generalitat, Jordi Puigneró, visited the campus, where he explained that the Cybersecurity Agency of Catalonia will now offer a computer security program for universities and the creation of a platform of virtual courses to "generate talent in the field of “cybersecurity”.