Computer attack: General questions and answers

On this page we have compiled general questions and answers about the computer attack on RUB, which concern all groups on campus.

No further updates (1.7.2020)

Starting 1 July 2020, there will be no further updates to these FAQ pages. Please visit the website of IT.Services for information on the current system status.

Can you tell why some email addresses work via external clients and others don’t? (19.6.2020)

RUB.DE email addresses often experience overload problems when the emails are accessed via the web client. Using an external email client (such as Outlook or Thunderbird), RUB emails can be retrieved easily. The same applies to forwarded emails. The server of the RUB-Mail web client is often overloaded, because obviously many people choose this option for accessing their emails. Check here:

Unfortunately, all mail accounts for which Exchange is set up could not be used for some time, not even via external mail clients. The Exchange infrastructure is now up and running again. Further information is available on the IT-Services website (German).

Are Sharepoint servers affected? (30.6.2020)

The sharepoint servers had been switched off, but have been back in operation since 27 June 2020. Accordingly, the infrastructure for central holiday time and business trip management, the further education portal, the project rooms of various committees, and the service portal is available once again. The respective departments are now gradually putting the applications back into operation and updating their databases.
There is a restriction with regard to an older sharepoint server farm, which is currently still being restored. This affects the applications of the gas storage facility, the VRR ticket issuing service, and an administration application.
Information on which applications are back and which aren’t is available on the IT-Services website.

Which systems are currently running and which are not? (5.6.2020)

A current overview is available at the websites of IT.Services and the Network Operation Center.

Not every system is currently running with the full technical resources, so it may be overloaded if too many users access the system at the same time. If a system is stuck, you should try it during off-peak hours.

What do I do when the new password doesn’t work? (4.6.2020)

For technical reasons, some passwords can’t be transferred to the new Active Directory (a core component of the Windows server network that was launched on 2 June 2020). As a result, some users can’t access certain digital services, for example they can’t log on to their office computer or access the file server. If you encounter such problems, please reset your password here: Ten minutes later, you should be able to use your account fully.

What happens to emails sent to blocked accounts? (4.6.2020)

Passwords for RUB LoginIDs that were not reset after 12 May 2020, 2 p.m. and before 3 June have been blocked for security reasons. In order to continue using the associated services, e.g. RUB email, users have to apply for a new password at the IT-Services Service Centre. Emails that are sent to blocked accounts won’t be received and can’t be delivered at a later date. Senders receive a message that the email could not be delivered.

Information on how to request a new password can be found on the IT-Services website at:

How do I get a new password if my old one's been locked? (3.6.2020)

Passwords for RUB login IDs that weren't reset by 3 June 2020 have been locked for security reasons. If you've been locked out of your account but want to continue to use it, please contact the Service Center of IT-Services and request a new password. The Sevice Center team is currently not available on campus, but you can contact them via email ( Please use the following form for your password request (German):

As IT Services is currently receiving many enquiries, the team is asking for patience. Some users contacted the Service Center before 3 June, because they’d forgotten their current password for the RUB LoginID and therefore couldn’t change it. These requests couldn’t all be processed yet. If you have made the request from a RUB email address, please contact the Service Center again using an alternative email address. As the old passwords for these accounts have been blocked, these users can no longer access their RUB emails and, consequently, won’t receive the answer from IT Services.

Is VPN usable? (2.6.2020)

Yes, the VPN tunnel can be used. If it is no longer needed, the connection should be terminated to reduce the load..

When will the file services be available again? (2.6.2020)

Some files on the servers and drives had been affected by the attack. Server systems had been encrypted, but no data was lost. The Active Directory – a central component of the Windows-based network – had to be rebuilt. The new Active Directory and central file services will be available in the course of 2 June 2020. This also means that access to network drives will be restored.

Can the attack cause damage my home PCs and files if I was connected via the VPN tunnel? (2.6.2020)

There is currently no known case where the attack has caused damage to client computers.

What have I to do, if I changed my password before 12 May 2020, 2 p.m.? (28.5.2020)

If you changed your password before 12 May 2020, 2 p.m., please note: the change hasn’t been processed in the system. You will have to change your password again. IT-Services has added another info box on its website. IT-Services also explains on its website where you can check when you last changed your password.

Until when do I have to change my password? (27.5.2020)

Accounts whose passwords have not been changed will be blocked for security reasons from 3 June 2020. If you wish to continue using the account, you must immediately change your password at

Can RUB-app be used? (26.5.2020)

Yes, but not all services are currently available within the app.

Is FlexNow available? (26.5.2020)

The system is available again.

Do Alumni have to change their password? (19.5.2020)

Alumni also have to change their password and use the Identity Management Webinterface.

A request to change the password was sent from to all alumni via email.

How can users find out if they use an exchange server? (13.5.2020)

Unfortunately it is very difficult to find out if mails are on an exchange server. An important indication is the calendar function. If it was possible to use it to its full extent (invitation of other users, invitation to share a calendar, etc.) the mail address is most likely on an exchange server.

Are there any problems with the server connection to mail clients like Thunderbird? (11.5.2020)

Certain peaks can cause Thunderbird and other clients to temporarily stop working. However, as far as we know a general problem doesn’t exist.

How is the information flow organised? (11.5.2020)

Unfortunately, we can’t coordinate our central communication with the many decentralised institutions individually. All RUB members should be guided by the centralised information issued by the university.

Is it an emotet attack? (8.5.2020)

At the moment we do not have much information about the attack. So we cannot answer this question yet.

What about Microsoft Office 365? (8.5.2020)

Office 365 is a Microsoft cloud product that isn’t directly linked with RUB and is therefore not affected by this incident. However, Office 365 is currently not available for official use.

Have contents of mailboxes/emails been read/copied? (8.5.2020)

There is no evidence for this, according to the analysis to date.

Might Linux-based systems also be corrupted? (8.5.2020)

Technically yes, but there is no known system as of today.

Can Sciebo still be used? (7.5.2020)

Yes, Sciebo is a cloud service and therefore not affected.

To top