Higher education institutions being targeted for ransomware attacks

Three colleges have been victims of cyberattacks in the last three months alone.

While higher education is typically not thought of as a targeted industry for ransomware attacks, a trend may be forming. Three different colleges, North Carolina A&T University, Lincoln College and Austin Peay State University have all been negatively impacted by these types of cyberattacks, with one even leading to the closure of Lincoln College due to the scale of the hack.

“While there are obviously circumstances beyond the cybersecurity incident at play here, it’s also clear that responding to and recovering from ransomware played a significant role in Lincoln College’s demise,” said Tim Erlin, vice president of strategy at Tripwire. “It cost them time, as well as money, to recover. In this case, time was equivalent to the opportunity to perhaps right their ship and save the institution. When you’re already struggling, losing access to operationally important systems for more than a month can easily become a death knell.”

Lincoln College forced to close

As the most extreme example of a school being affected by ransomware, Lincoln College was forced to close its doors for good after 157 years of operation on May 13. The school was initially hit by the COVID-19 pandemic, limiting the school’s ability to recruit and fundraise for the private institution. But the final death blow came after struggles with a severe December ransomware attack that limited the faculty’s access to important school data, making it even more difficult for the school to find new potential students and thus limiting the college’s ability to keep its doors open.

According to the notice on the Lincoln College website, “All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

“Cyberattacks like ransomware can be painful for organizations to recover from during the best of times, but as this story shows, for any organizations already struggling, they can be existential threats,” said Chris Clements, vice president of solutions architecture at Cerberus Sentinel. “From their announcement, the institution was already struggling due to the pandemic but having critical systems offline for three months during a vital enrollment period may have sealed their fate.”

Austin Peay’s cyberattack

On April 27, Austin Peay State University sent out the below tweet, indicating that they also had suffered a ransomware attack:

APSU ALERT: Ransom ware attack. THIS IS NOT A TEST. SHUT DOWN ALL COMPUTERS NOW!

— Austin Peay State University (@austinpeay) April 27, 2022

The school’s systems were restored after being offline for three days according to the Austin Peay news page. The ransomware attack was believed to have come via phishing emails, as the news site for the school urged students and faculty to be wary of potentially harmful links.

A petition started by the Governor’s student body to put off final exams to a later date due to the attack outlined the events as “Connectivity on campus and to essential online student services such as One-Stop, Outlook email and One-Drive is compromised. Students who rely on campus for Wi-Fi, the Felix G. Woodward Library, the Writing Center, and other resources do not have access to them.”

SEE: Mobile device security policy (TechRepublic Premium)

North Carolina A&T targeted by BlackCat

In late March, North Carolina A&T University was believed to have suffered a ransomware attack at the hands of hacking group ALPHV/BlackCat. While the school was on its Spring Break, cyber criminals were able to disrupt a number of the school’s wireless connections, instruction tools, single sign-on websites and VPN as part of the attack. BlackCat was alleged to have stolen personal information as part of the hack, such as Social Security numbers of teachers and students. In addition, the hacking group had purported to have obtained school information such as contracts, financial information, SQL and email databases.

In a direct contradiction to the hacking group’s statement, university officials said that no personal information had been stolen and the only aspect of the school affected by the attack were the institution’s systems.

“To remain safe, organizations must adopt a culture of security that builds cybersecurity awareness and protection into all business operations,” said Clements. “Doing so as early as possible is much easier than trying to retrofit security best practices into mature and diverse environments. Getting cybersecurity right is a challenging job, but the ever-increasing risk of damage from an attack means that it must be taken seriously to protect organizations from potentially devastating loss.”