Security

Ransomware the final nail in coffin for small university

Lincoln College shuttering after 157 years, ransomware attack from Iran final straw


A December attack against a long-standing US college has pushed the institution to permanently close. 

After 157 years, Lincoln College, the rural Illinois university with an average of 1,100 students, is shutting its doors following years of rapid decline triggered by COVID-19 and compounded by the ransomware attack.

The ransomware assault that hit in December 2021 originated in Iran, college president David Gerlach told the Chicago Tribune. According to Lincoln's closure letter, the attack hindered access to all institutional data, interrupted admissions and took retention, fundraising and recruitment systems offline.

The College said that no personal identifying information was exposed.

Gerlach told the Tribune that it cost Lincoln an unspecified amount less than $100,000 to restore the systems. "Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester," the College said.

Attempts to raise funds, sell assets, consolidate jobs and other money-making schemes failed to materialize the $50 million Gerlach said the university would have needed to keep going.

Now, after surviving "the economic crisis of 1887, a major campus fire in 1912, the Spanish flu of 1918, the Great Depression, World War II, the 2008 global financial crisis, and more," it's lights out, lost jobs and students left to hunt for new schools.

Lincoln's shutdown: Avoidable?

Lincoln College has been light with specifics about the attack, which raises a big question: Was the university doing all it could to secure its systems and users? 

"The economic burdens initiated by the pandemic required large investments in technology and campus safety measures, as well as a significant drop in enrollment with students choosing to postpone college or take a leave of absence," the university stated in the letter. 

Indiana University's Research and Education Networks Information Sharing and Analysis Center (REN-ISAC) is a higher education threat intelligence group. It pools threat data, provides intelligence feeds and actionable alerts, penetration testing and more. Lincoln College was not among the 708 institutions from around the world who are part of the group, REN-ISAC director Kim Milford told NBC News. 

Performing regular backups is among the most common advice for businesses, and with good reason: Ransomware isn't an ingress strategy, meaning there are countless ways for an infection to get into a system.

Trying to plug each one can quickly become an exercise in futility, especially without the threat intelligence necessary to know which to prioritize. ®

Send us news
47 Comments

Stanford University failed to detect ransomware intruders for 4 months

27,000 individuals had data stolen, which for some included names and social security numbers

Yacht dealer to the stars attacked by Rhysida ransomware gang

MarineMax may be in choppy waters after 'stolen data' given million-dollar price tag

UK council won't say whether two-week 'cyber incident' impacted resident data

Security experts insist ransomware is involved but Leicester zips its lips

JetBrains is still mad at Rapid7 for the ransomware attacks on its customers

War of words wages on between vendors divided

Ransomware ban backers insist thugs must be cut off from payday

Increasingly clear number of permanent solutions is narrowing

British Library pushes the cloud button, says legacy IT estate cause of hefty rebuild

Five months in and the mammoth post-ransomware recovery has barely begun

Belgian ale legend Duvel's brewery borked as ransomware halts production

Biz reassures quaffers it has enough beer, expects quick recovery before weekend

LockBit's contested claim of fresh ransom payment suggests it's been well hobbled

ALSO: CISA warns Ivanti vuln mitigations might not work, SAML hijack doesn't need ADFS, and crit vulns

US task force aims to plug security leaks in water sector

From a trickle to a flood, threats now seen as too great to ignore

UK council yanks IT systems and phone lines offline following cyber ambush

Targeting recovery this week, officials still trying to 'dentify the nature of the incident'

Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability

PLUS: NSA shares cloud security tips; Infosec training for Jordanian women; Critical vulnerabilities

Nissan to let 100,000 Aussies and Kiwis know their data was stolen in cyberattack

Akira ransomware crooks brag of swiping thousands of ID documents during break-in