Ransomware the final nail in coffin for small university

A December attack against a long-standing US college has pushed the institution to permanently close. 

After 157 years, Lincoln College, the rural Illinois university with an average of 1,100 students, is shutting its doors following years of rapid decline triggered by COVID-19 and compounded by the ransomware attack.

The ransomware assault that hit in December 2021 originated in Iran, college president David Gerlach told the Chicago Tribune. According to Lincoln's closure letter, the attack hindered access to all institutional data, interrupted admissions and took retention, fundraising and recruitment systems offline.

The College said that no personal identifying information was exposed.

Gerlach told the Tribune that it cost Lincoln an unspecified amount less than $100,000 to restore the systems. "Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester," the College said.

Attempts to raise funds, sell assets, consolidate jobs and other money-making schemes failed to materialize the $50 million Gerlach said the university would have needed to keep going.

• IT outage at Scotland's Heriot-Watt University enters second week
• Cyber insurance model is broken, consider banning ransomware payments, says think tank
• The policy of truth: As ransomware claims rise, what's a cyber insurer to do?
• UK colleges and unis urged to prepare for ransomware before it's too late

Now, after surviving "the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, the 2008 global financial crisis, and more," it's lights out, lost jobs and students left to hunt for new schools.

Lincoln's shutdown: Avoidable?

Lincoln College has been light with specifics about the attack, which raises a big question: Was the university doing all it could to secure its systems and users? 

"The economic burdens initiated by the pandemic required large investments in technology and campus safety measures, as well as a significant drop in enrollment with students choosing to postpone college or take a leave of absence," the university stated in the letter. 

Indiana University's Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) is a higher education threat intelligence group. It pools threat data, provides intelligence feeds and actionable alerts, penetration testing and more. Lincoln College was not among the 708 institutions from around the world who are part of the group, REN-ISAC director Kim Milford told NBC News. 

Performing regular backups is among the most common advice for businesses, and with good reason: Ransomware isn't an ingress strategy, meaning there are countless ways for an infection to get into a system.

Trying to plug each one can quickly become an exercise in futility, especially without the threat intelligence necessary to know which to prioritize. ®