After Paying Ransomware Attacker, US College Goes Bankrupt - Backup your Data Today

lush college campus

Abraham Lincoln college, an institution of higher learning in the United States (US) is set to permanently close its doors after 157 years in the business of educating students, according to a statement on its website.

One would imagine that the college was an expert at surviving great crises that include "the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, the 2008 global financial crisis", but that was not the case. The coronavirus global pandemic "dramatically impacted recruitment and fundraising efforts" with students deciding to "choosing to postpone college or take a leave of absence" leaving the institution in a weak financial situation, according to college statement.

Adding salt to injury, a cyberattack in December 2021 "thwarted admissions activities and hindered access to all institutional data" meaning that all systems the college needed to carry out activities related with recruiting, retaining and fundraising efforts unavailable. Access to these systems was only fully restored three months later, by which time, it was too late to survive permanent closure without a financial donation. 

Efforts to raise funding like a GoFundme campaing to raise $20 million, selling assets, changes to staff and leasing buildings has failed to sustain the college. 
Lincoln college fundraise after ransomware attack
Lincoln college fundraising efforts on GoFundme

Information regarding the Lincoln College cyberattack

According the college’s president, David Gerlach, quoted in Edscoop, college internal systems were down though a common App to recieve applications was operating. The ransomware attacker, presumably from Iran, initially asked for $100,000 but got paid "significantly" less, with the amount paid out from a cyber insurance policy the college had taken out beforehand. 

Gerlach says that the college was "fully aware" of the threat ransomware posed considering that neighbouring colleges were getting hit. To that effect, the college IT director, implemented "baseline security measures" like multi-factor authention and left the job afterwards.

After getting paid, ransomware attackers provided a key that failed to unlock encrypted institutional data, though a second key succeeded at bringing additional systems up. This goes to show that paying the ransom is no guarantee to getting your critical data back from the attackers. 

Lessons to apply today to avoid going bankrupt from ransomware attack:

  1. Backup your critical business data, test backups regularly and keep backups offline. Lincoln college paid a ransom to gain back access to locked-up critical institutional data and systems needed to recruit, retain and fundraise to sustain the activities of the college. Before ransomware is activated, an attacker installs malware to detect, delete and encrypt online backups leaving only offline backups as safe recovery option. Take backups regularly and test that data can be restored back into your systems as part of organizational policy.

  2. Segment network. Ensure that critical systems are operating at a more secure network layer seperate from all other non-critical systems.

  3. Update Operating systems and critical software. Do not put off updating your system when critical updates become available, and upgrade systems using software that is no longer supported by the supplier. 

  4. Access. Limit access to privileged information with using strong passwords and two-factor authentication where possible.

  5. Conduct periodic cyber awareness.Train staff, students and partners on the ever changing tricks cyberattackers use to trick users into gaining access to institutional data and networks using phishing quizzes.

  6. Ransomware solutions. When hit by ransomware, dont panic but look through ransomware decryptors and removal tools that might include the key required to unlock your encrypted data.  
The impact of a cyberattack can have lasting consequences to business reputation and finances though a proactive approach can lower the risk of a successful attack. Continually taking backups, that get tested and kept offline can go a long way in ensuring that the business recovers from damaging ransomware. No institution or business is immune or too small to be attacked. 

Leave us a comment and share story with your networks.

Read more: