Fraud Management & Cybercrime , Security Operations
College Shuts Down Due to Cost of Ransomware Attack'Financial Burden' of Cyberattack Amid COVID-19 Too Much for 157-Year-Old College
The "financial burden" of a December 2021 cyberattack and the aftereffects of the COVID-19 pandemic forced 157-year-old Lincoln College in Illinois to cease operations on Friday, its president, David Gerlach, says.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
The decision to terminate operations, which was decided in a vote by the board of trustees, has been sent to the Illinois Department of Higher Education and the Higher Learning Commission, Gerlach says.
Impact of the Cyberattack and Pandemic
Named after former U.S. President Abraham Lincoln, the college took three months to recover from the cyberattack - reportedly a ransomware attack - which took down its systems and servers, a note on the college website says.
The cyberattack "thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of fall 2022 enrollment projections. ... All systems required for recruitment, retention, and fundraising efforts were inoperable," a note on the school's website says. No personally identifiable information was exposed.
"Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester," according to the note.
The management held several fundraisers, sold assets, consolidated employee positions and explored lease alternatives but failed to achieve long-term viability in the face of the pandemic. "Lincoln College has survived many difficult and challenging times - the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, the 2008 global financial crisis, and more, but this is different," Gerlach says in the note.
He goes on to say that the pandemic required the college to make large investments in technology and campus safety measures and also brought about a significant drop in enrollment, which affected the institution's financial position.
Gerlach declined Information Security Media Group's request for comment.
Cyberattacks, especially ransomware attacks, can be painful for organizations to recover from during the best of times. But as this story shows, it can be an existential threat for struggling organizations, says Chris Clements, vice president of solutions architecture at security firm Cerberus Sentinel.
"From their announcement, the institution was already struggling due to the COVID-19 pandemic, but having critical systems offline for three months during a vital enrolment period may have sealed their fate," Clements tells ISMG.
Educational Institutions: A Lucrative Target
Ransomware attacks on educational institutions - including universities, colleges and even K-12 schools in the U.S. - have been on an upward swing, says Brett Callow, threat analyst at cybersecurity firm Emsisoft. At least 10 U.S. universities or colleges and eight school districts with a total of 214 schools have been affected by ransomware so far this year, he tweeted in April. Data was stolen in at least 11 of the 18 incidents, he added.
A 2021 Emsisoft report shows that 88 U.S. education sector organizations were affected by ransomware in 2021, and 62 were school districts while the rest were colleges and universities. The attacks disrupted learning at 1,043 individual schools, the report says.
Stephan Chenette, co-founder and CTO of cybersecurity firm AttackIQ, in a recent correspondence with ISMG, says that educational institutions continue to be an attractive target for cybercriminals because "they store large amounts of valuable personally identifiable information and often lack critical resources for proper security measures."
In the first week of May, Kellogg Community College, which houses nearly 8,400 students across five campuses in Michigan, suspended classes in all its campuses owing to a ransomware attack from an unnamed threat actor (see: Update: KCC Resumes Operations Post-Ransomware Attack)
KCC has now resumed operations but has forced all its staff and students to mandatorily reset passwords and set up multifactor authentication to securely access the college's online systems.
Separately, BlackCat, aka Alphv, which is considered to be a rebrand of the DarkSide or BlackMatter ransomware group, also claimed to have targeted at least three universities. Two of them - the Florida International University and the North Carolina Agricultural and Technical State University - are based in the U.S. (see: Update: What's BlackCat Ransomware Been Up to Recently?).
The Florida International University, at the time, told ISMG that its preliminary investigation showed no risk to any financial information, Social Security numbers, or information on student performance. Its education process also was not affected.
An NCAT State University spokesperson also told ISMG that its IT services department had shut down various systems to contain the incident immediately after it was notified. An exhaustive review showed that no current faculty, staff or student data was affected.
In the latest episode of the podcast series "The Ransomware Files," Rockford Public Schools in Illinois talks about the challenges faced in the aftermath of a ransomware attack and its uphill climb back after Ryuk encrypted more than 6 million of the school's files, wrecked applications and locked the staff out of the college servers (see: The Ransomware Files, Episode 7: Ryuk's Rampage).
The ransomware attack encrypted more than 300 servers and several weeks of backup and infected some 5,000 Windows machines, all of which needed to be reimaged. The school's phones and emails also did not work.
But the district refused to pay the ransom.
Prepare for a Cyberattack
Erfan Shadabi, a cybersecurity expert at cybersecurity firm Comforte AG, tells ISMG that all organizations must prepare for the eventuality of a cyberattack. Regular backup procedures and robust recovery capabilities will allow quick restoration of IT and data environment to a pre-breach state, he says.
The best strategy, Shadabi says, is to safeguard sensitive data through a data-centric approach. "Data-centric security is all about anonymizing data wherever and whenever it is used - with techniques such as encryption and tokenization. Thus, even if a hacker gets ahold of corporate data, they will not be able to read, exploit or monetize it. No organization can be 100% ransomware-proof today. Accept the eventuality and prepare accordingly," Shadabi tells ISMG.