Roanoke College in Salem, Virginia, has added 14 more days to its winter break this year.

This higher education facility has been dealing with a cyber incident since Dec. 12.

Hopefully, this situation paints a picture of how long your business or organization will be dealing with attacks and their repercussions if networks are not secure. Ransomware attacks average about 16 days of downtime before operations can be fully restored.

The College experienced network outages impacting their access to files. Roanoke College disconnected all IT systems to stop the bleeding. They are working to restore operations beginning with the ‘Z:’ and ‘X:’ shared drives. Apparently, no data has been lost. They claim to have enough backups, and their website is working, but areas requiring logins are not. Roanoke also disabled passwords on systems and required students to reset passwords with IT services.

Although it hasn’t been revealed at the time of publication, evidence points to a ransomware attack.

As of today, they have restored the following:

  • Microsoft Office 365 environment (campus email, OneDrive, Outlook calendar and Microsoft Teams) for off campus access only
  • Network connectivity to data center, campus safety and IT offices
  • Classroom and lab computers (no network connectivity)

The following are still in restoration:

  • Personal Z: drives and department X: drives
  • Colleague
  • Authentication services (State, Inquire, Maxient, etc.)
  • Office computers
  • Network connectivity to other campus buildings
  • Phone system

The higher education sector has been struggling in attempts to stay secure while most students are remote. Many processes and network connections for educational institutions had to be transitioned quickly for remote learning, and this led to the exposure of additional endpoints for threat actors. These threat actors are real people; they are aware of trends and changing environments just like everyone else, and they are savvy at using the technological adjustments to their advantage.

SpearTip is constantly watching for new malware and manipulative programs. Our 24/7 Security Operations Center (SOC) is fully staffed with cybersecurity professionals to monitor and protect your environment. Not only are our cybersecurity teammates continuously preventing cyberattacks, but they are also able to deploy our proprietary tool, ShadowSpear®, in an environment before or after an attack.