By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daily Post
Ransomware attacks are pretty indiscriminate, attackers know they can get a big payout even from smaller targets like community colleges. NWACC (Northwest Arkansas Community College) is the latest college to fall victim to a ransomware attack. NWACC is a community college in Bentonville, AR, with an enrollment of about 8,000 in 2018. The attack occurred July 30.
School officials realized they had been attacked after networked printers began printing out ransom demands across the campus. College officials did not disclose the amount requested, but did say there are no plans to pay the ransom. College officials have stated that no student records or other sensitive information have not been accessed as part of the attack. As a cyber security professional, I find this unlikely, but one can always hope that they had something in place to prevent a total compromise.
Ransomware is a malicious software meant to lock down systems and data, and frequently siphon off sensitive data to hold that ransom as well. A major tactic in ransomware attacks is to threaten to publicly release sensitive data if the ransom goes unpaid, usually by dumping it on the dark web and selling it to the highest bidder.
The college is unsure how the ransomware infection happened, but they are working with the FBI and an external cyber team on remediation. The college did state that security systems were in place. It is unknown at this time what kind of ransomware they have been infected with.
The school does have cyber attack insurance.
The school remains partially operational, but students have been unable to register for classes, and it appears some students may have been unable to take finals. The school has stated they will accommodate these students as needed.
As of this week, the fall semester start date of the school has been pushed back to Aug. 26 from Aug. 19.
All schools are big targets for ransomware attacks- schools are filled with sensitive student information, and cyber criminals know they can ask for a hefty ransom in exchange for keeping the data safe. Ransomware attacks against schools seem to be increasing. Many schools struggle to provide cyber protections, as they usually are lacking a budget to hire a proper IT department, with many having inadequate staff, and little to no cyber education training budgets.
A federal subsidy bill aimed at reinvigorating schools IT resources is in the works, but faces major hurdles. Taxpayer funds are already stretched thin in the education system, redirecting towards an IT dept is difficult.
For now, as a consumer, keep an eye on the news, and be aware that if a college you or a family member attends suffers a ransomware attack, it is likely you will receive a data breach notification not long after.
Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.