Lincoln College is the first US college or university ransomware affected so badly that it could not cope and had to close shop.
Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois Department of Higher Education and Higher Learning Commission and posted a goodbye note on its website.
“Lincoln College has survived many difficult and challenging times – the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, the 2008 global financial crisis, and more, but this is different. Lincoln College needs help to survive.”
The institution struggled during the ongoing pandemic and a December 2021 ransomware attack only challenged it further. Lincoln said the attack “thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections”.
” All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”
The closing of a US college or university marks another first in ransomware attack history. Director of Research and Education Networks Information Sharing and Analysis Center (ISCA) Kim Milford told NBC News, which first broke the story, that a school closing only underscores the toll a ransomware attack can take on its victim. “I feel really bad for Lincoln College and wish there was some way we could help, but it can be a very expensive proposition when you’re hit by ransomware,” she said.
How to avoid ransomware attacks
- Require the use of multi-factor authentication (MFA). It might feel like a bother, but MFA is relatively easy to set up, and it doesn’t disrupt normal day-to-day activities.
- Install security software on all systems. Use one that offers multiple layers of protection against online threats, especially ransomware.
- Patch as soon as you can. Universities rely on various software for various tasks. Keeping it all up-to-date means cybercriminals can’t exploit existing and known flaws.
- Promote awareness for all faculty members and staff. Educating university employees to help them understand their part in protecting the university from cyberattacks is essential. Remember that this is every faculty, school staff, and students’ responsibility, not just the people in IT.
- Back up your files. When it comes to ransomware attacks, this is one of the pieces of advice we give out. But as we found out, you have to know how to back things up properly. This episode of our Lock and Code podcast is worth a listen, where Matt Crape, technical account manager of VMWare, to learn more about why backups fail us when we need them the most.
If you want to read more about how to protect yourself from a ransomware attack, or how to recover if you are in the midst of one, download our Ransomware Emergency Kit.