Chris Swagler | May 15th, 2022

Lincoln College, a liberal arts school in rural Lincoln, Illinois, will be closing its doors after 157 years following a massive hit on its finances from the COVID-19 pandemic and a recent ransomware attack. The college, named after President Abraham Lincoln, broke ground in 1865 and is one of only a few rural American colleges to qualify as an historically Black institution by the Department of Education.

The college survived numerous disasters and challenges, including the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, and the 2008 global financial crisis. However, a ransomware attack in December was the final straw, and the decision to shut down on May 13, 2022, was unavoidable. The Illinois Department of Higher Education and the Higher Learning Commission were notified by the school of the impending permanent closure. The college’s Board of Trustees voted to cease all academic activities at the end of the spring semester.

An announcement published on the college’s website stated that Lincoln College became a cyberattack victim in December 2021. The attack thwarted admissions activities and prevented access to all institutional data, leaving an unclear picture for enrollment projections. The ransomware encrypted important data, which made it difficult for administrators to manage their network systems. All systems required for recruitment, retention, and fundraising efforts were inoperable, but luckily no personal identifying information was exposed. Once the systems were fully restored, the projections displayed significant shortfalls in enrollment, necessitating a transformational donation or partnership to sustain Lincoln College beyond the current semester. Lincoln College president, David Gerlach, said, “Lincoln College has been serving students from across the globe for more than 157 years. The loss of history, careers, and a community of students and alumni is immense.”

Lincoln College is one of more than 1,000 schools that were hit by ransomware in 2021. According to an industry report, ransomware directly impacted 88 educational organizations last year, including 62 school districts and 26 college and university campuses across the country, disrupting learning at 1,043 individual schools. In 2022, at least 14 universities have been impacted by ransomware. Schools have become attractive targets because they possess an immense amount of unique and sensitive data, including personally identifiable information (PII) of students, faculty, staff, parents, donors, and other partners. The data, if captured and held for ransom, can be used to bring institutions to their knees.

New students arrive every year, constantly travel to and from school buildings, carry various personal devices, and access different networks and data. Within commercial or private sector companies, data is usually accessible only to employees and often on a ‘need to know’ basis. University data, by contrast, is shared with global academics, students, and professors who access resources on their own unpatched devices, over which universities have little or no control. Even when schools pay the ransom, it can take months to recover from a ransomware attack. Another reason ransomware operators target schools is that schools run on a very tight schedule, and administrators are willing to pay a ransom to keep classes going.

CISA and the FBI issued a joint advisory warning that malicious threat actors were targeting K-12 educational institutions for extortion and data theft. The FBI’s Cyber Division issued a warning that PYSA ransomware was increasingly targeting system admins of educational institutions. Numerous US Senators asked the Department of Education and the Department of Homeland Security to strengthen K-12 schools’ cybersecurity defenses across the nation to prevent upcoming ransomware attacks.

Ransomware is a constant threat to the US education system, which is why it’s important for schools, colleges, and universities to remain alert to the current threat landscape, regularly back up their databases, and safeguard PII. At SpearTip, our certified engineers work continuously at our 24/7/365 Security Operations Centers monitoring educational institutions’ data networks and are ready to respond to events at a moment’s notice. SpearTip will examine an institution’s security posture from the top down to improve its network’s weak points. We engage with their people, processes, and technology to measure the maturity of the technical environment. The ShadowSpear platform provides cloud-based solutions collecting endpoint logs and detecting sophisticated advanced threats with comprehensive insights. SpearTip offers cutting-edge technology dedicated to protecting institutions and quickly identifying, neutralizing, and countering any irregular activities.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.