How a Ransomware Attack Shut Down a 157-Year-Old College

Businesses today have to contend with a wide range of cybersecurity risks.

One of the biggest dangers of all is ransomware, which hackers use to block access to critical data and networks. Victims are faced with the choice of paying a ransom to remove the malware, or potentially losing sensitive data and system access for good.

This is a growing threat, with research by CrowdStrike showing an 82% increase in ransomware-related data leaks in 2021.

These attacks can put the existence of even the most established institutions at risk, as the story of Lincoln College shows.

What happened at Lincoln College?

Established in 1865, Lincoln College was a historically Black college in Illinois that overcame a range of challenges throughout its history, including the Spanish flu pandemic of 1918, World War II and the 2008 financial crisis.

However, the double shock of the COVID-19 pandemic and a ransomware attack in December 2021 led the college to announce that it was permanently closing in May 2022.

The cyber breach disrupted the institution's admissions activities, restricted access to essential data and hindered its 2022 student enrolment projections. All systems used for recruitment, retention and fundraising work were also rendered inoperable.

Full access wasn't restored until March 2022, at which point it was clear there were significant shortfalls in enrolment and the college wouldn't be able to continue without financial donations or new partnerships.

Efforts to improve its financial position were ultimately unsuccessful, forcing the college to announce that it would be unable to continue operating beyond the current semester.

Gerlach told the Chicago Tribune that Lincoln College paid a ransom of under $100,000 to recover the data compromised by the ransomware attack, which originated in Iran.

The vulnerability of schools and public institutions

Institutions such as schools, hospitals and government bodies - which provide vital services that many people rely on - are particularly vulnerable to ransomware attacks. This is partly due to the fact that they're in possession of sensitive personal data they don't want to see compromised, and also because criminals believe these organizations are more likely to pay a ransom to recover their data and system access, owing to the crucial nature of the services they deliver.

Brett Callow, an Emsisoft threat analyst who tracks attacks on schools and colleges in the US, told the Record that 13 educational institutions have been targeted so far in 2022 alone. In the majority of those events, the target school's networks were rendered inaccessible and the hackers also exfiltrated data.

One case, at Kellogg Community College in Michigan, caused chaos for nearly 7,000 students attempting to sit their final exams. In another incident this year, Austin Peay State University in Tennessee had to send out messages on Twitter telling everyone on campus to shut down their computers immediately following a ransomware attack.

Tackling the threat of ransomware

Ransomware is clearly a threat no business can afford to ignore, so what can you do to improve your cybersecurity and increase your protection against this risk?

Don't assume it won't happen to you

First and foremost, it's crucial not to fall into the trap of thinking that, just because you have been in business for years and have never been targeted by ransomware, it will never happen to you. The FBI's Mike Christman told CBS News that "everyone should expect to be attacked".

Know the most common attack vectors

Education and awareness are crucial, particularly where the most common ransomware attack vectors are concerned. According to cybersecurity firm Fortinet, these are:

• Stolen credentials
• Email (through phishing and social engineering)
• Criminals exploiting recently discovered and zero-day vulnerabilities to gain unauthorized system access

Regularly back up critical data and files

Making regular backups of the crucial data and files you need to keep your business running won't stop you from being targeted by ransomware attacks, but it could make it easier for you to recover from them.

Reduce the risk of malware entering your network

You can make it harder for malware to infiltrate your network and devices with the help of tools and security services such as email and spam filtering, safe browsing lists to restrict access to sites known to host malicious software and internet security gateways that examine content for known malware.

It's also crucial to stay vigilant to vulnerabilities in particular devices and to install security patches and operating system updates as soon as they become available.