Sapienza University of Rome, one of the largest universities in Europe with around 120,000 students and staff, has been knocked offline for several days after an apparent cyberattack that forced the shutdown of its entire digital infrastructure, including email, administrative systems, and its main website, and left students and faculty without access to essential services as technicians work to restore operations from secure backups. The university confirmed the attack in social media posts and said it acted as a precautionary measure, while Italian media report that a suspected ransomware — potentially linked to a group known as Femwar02 using BabLock malware — may be the cause, although officials have not formally confirmed the details; the outage has also disrupted academic and administrative functions and prompted efforts by cybersecurity specialists and national authorities to investigate and recover systems.
Sources
https://techcrunch.com/2026/02/05/one-of-europes-largest-universities-knocked-offline-for-days-after-cyberattack/
https://www.timeshighereducation.com/news/europes-largest-university-hit-massive-it-outage
https://www.bleepingcomputer.com/news/security/italian-university-la-sapienza-goes-offline-after-cyberattack/
Key Takeaways
• A major IT outage at Sapienza University of Rome was caused by a suspected ransomware cyberattack that forced systems offline for days, blocking emails, administrative functions, and online services.
• Italian media suggest the attack may involve BabLock or related ransomware and an emerging threat group, though official confirmation remains pending, and restoration efforts rely on unaffected backups and cybersecurity teams.
• The disruption highlights ongoing vulnerabilities in higher-education IT environments and the broader trend of ransomware and hacking incidents affecting large organizations and critical institutions.
In-Depth
Sapienza University of Rome’s extended IT outage after a suspected cyberattack illustrates a significant escalation in cyber threats targeting major institutions and underscores the real-world consequences when critical digital infrastructure is compromised. In a scenario increasingly familiar in both public and private sectors, what began as an initial breach grew into a full-blown disruption of essential systems. The university — one of Europe’s largest with approximately 120,000 students and staff — announced that it had taken its entire network and services offline as a precautionary measure. Core facilities such as email servers, administrative platforms, and the main website remained inaccessible for several days while internal technicians, national cybersecurity authorities, and external specialists worked to assess damage and restore operations. The university’s public statements focused on containment and recovery but stopped short of confirming the exact nature of the attack.
Independent reports in Italian and international media have since pointed to a suspected ransomware incident, potentially involving malware known as BabLock and linked to a threat actor identified by some outlets as Femwar02. Although official confirmation from Sapienza or government cybersecurity agencies was not available at the time of reporting, the characteristics described — including encrypted systems and ransom demands tied to a countdown mechanism — align with known ransomware tactics employed by criminal gangs. Such tactics typically involve encrypting files and threatening to release sensitive data or withhold access until a ransom is paid. In this case, the university reportedly avoided triggering the ransom timer by not engaging with the malicious link or payload.
This incident has far-reaching implications beyond temporary inconvenience. Educational institutions rely on digital systems not merely for convenience but for core operations such as enrollment, grading, research data access, financial management, and academic communications. When these systems go dark, the consequences ripple through every facet of campus life. Sapienza’s decision to continue in-person exams and set up temporary information points around campus reflects an attempt to maintain continuity amid the disruption, yet the absence of formal digital channels posed hurdles for students and staff alike.
The event also highlights a broader pattern: cyberattacks are not isolated to Sapienza or elite research universities alone. Across Europe and the U.S., hospitals, schools, government agencies, and private companies have felt the impact of ransomware and other malicious incursions in recent years. Cybersecurity experts emphasize that no institution is immune, especially those with large, interconnected systems and sprawling user bases — conditions that make universities attractive targets. The incident serves as a stark reminder that robust backup strategies, continuous network monitoring, strong authentication protocols, and incident response plans are not optional but essential elements of modern institutional security.
In the meantime, Sapienza’s technical teams remain hard at work restoring full operations and safeguarding sensitive data. The university’s experience is a cautionary tale for other organizations with sprawling digital ecosystems: as cyber threats evolve, so must the defenses designed to protect the people who depend on these platforms every day.