alphv attacks University of Pisa

Incident Date:

June 11, 2022

World map



alphv attacks University of Pisa


University of Pisa




Pisa, Italy

Pisa, Italy

First Reported

June 11, 2022

University of Pisa Suffers Ransomware Attack by Alphv Group

The University of Pisa, one of the oldest universities in Europe, established in 1343, has recently fallen victim to a ransomware attack orchestrated by the Alphv ransomware group, also known as BlackCat. This group has made a name for itself by targeting various organizations through its Ransomware as a Service (RaaS) operation, leveraging the Rust programming language for its payloads to evade detection and enhance the damage inflicted.

Background of the University of Pisa

With a storied history and a commitment to research and innovation, the University of Pisa is a cornerstone of the Italian educational system. Despite facing numerous challenges such as economic downturns, fires, pandemics, and global financial crises, the institution has persevered, continuing to make significant contributions to the academic world.

The Alphv Ransomware Attack

The ransomware attack on the University of Pisa was publicly disclosed on the Alphv group's dark web leak site, accompanied by a ransom demand of $4.5 million. The specifics regarding how the university's defenses were breached remain undisclosed. However, it is widely recognized that ransomware actors frequently target educational institutions for their substantial financial resources and the critical nature of their operational continuity.

This incident at the University of Pisa underscores a growing trend of cyberattacks against educational entities, which can lead to severe repercussions such as operational disruptions, academic delays, exposure of sensitive personal data, and reputational harm.

Implications and the Need for Enhanced Cybersecurity

The attack on the University of Pisa by the Alphv ransomware group, demanding a ransom of $4.5 million, highlights the escalating threat of ransomware attacks on educational institutions. It underscores the imperative for robust cybersecurity defenses to safeguard sensitive information and ensure the uninterrupted operation of educational services.


Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.