Information technology staff members at Central Piedmont Community College in Charlotte, N.C., are working to bring the campus back online and resume classes seven days after discovering the college was targeted by cybercriminals.
The cyberattack was discovered late in the evening of Feb. 10. Several campus IT networks, including email, were quickly shut down as a precaution. But the college’s website is still online, and students are receiving updates via text, voice mail and social media messages.
The FBI and state agencies have been brought in to help investigate the incident. So far there is no indication that faculty, staff or students’ personal information was compromised.
Central Piedmont has shared few details of the attack but said ransomware was involved. Typically in ransomware attacks, hackers use phishing emails to trick network users into sharing their personal log-in details. The criminals then use these details to access valuable information, encrypt it and demand payment to restore access.
The community college canceled all online classes and most in-person classes following the discovery of the cyberattack. It plans to restart the spring semester Monday and skip a planned spring break in order to make up for lost class time.
“We know this malicious attack makes an already incredibly difficult time even harder,” Kandi Deitemeyer, president of Central Piedmont, said in a statement. “Our teams that had already been stretched by moving classes and services online due to the pandemic are now being pressed again to deal with a severe technology outage. However, let us assure you: We will not be deterred. The impact of the cyberattack will be a temporary setback. As before, we will get through this together.”
Though ransomware attacks are still relatively unusual in higher ed, they appear to be on the rise. Last year cybercriminals successfully targeted three colleges and universities using another kind of extortion tactic — finding sensitive information and threatening to sell it on the dark web unless they receive payment.
Few universities have admitted to paying ransoms in the past, in part because of concern they may be seen as a soft target for future cyberattacks.