:: IT Managment
campus community that it was working with a “regional cybersecurity firm” to “identify and contain this new strain of ransomware.”
All three of these institutions have taken a minimalist approach in their responses.
Go Beyond the Basics with Communications
Contrast that with Three Rivers, which had to cancel classes for an entire week when it was recently hit by a cyberattack. In a post on its Facebook
page, the college explained that it had hired a third-party computer firm with experience in working with organizations hit by ransomware and was working “ diligently to restore our systems.” The post assured students that when classes resumed, the college would “work with students on assignments, due dates
and exams so that no student is negatively impacted as a result of this event.” However, Three Rivers also created an extensive landing page about the situation and used Facebook and Twitter to provide links to it. The school then put together a comprehensive FAQ to answer the questions students would most care about. That included contact information for specific individuals so that students knew whom to reach out to on campus.
Assume the Worst with Malware
Lakeland CC chose not to assume that its ransomware attack didn’t also disclose personally identifiable information. In its campus notice, the college
explained what happened and how it responded and also encouraged readers
to “closely monitor your bank and card statements and report anything out of the ordinary to your financial institution or card brand.” To provide specifics, the school set up a resource page with advice and best practices about identity protection.
Be Ready to Go Old School
The attackers that succeeded at ITI
Tech did so by replicating an employee’s contact list and sending out emails to faculty and staff that “looked like the real thing,” according to local reporting. There was no thought of paying ransomware. “We don’t do that,” Vice President Mark Worthy told a reporter. Users, who received the spoofed message on Monday, were told
to click on the report that was attached, which one employee did. That set off a “timebomb scheduler” that initiated an attack on Tuesday night. When a diligent IT staffer found suspicious activity Wednesday morning, she immediately disconnected all the servers from the internet, but it was too late. The malware had already encrypted databases, preventing the college from accessing files. While the systems were crippled by the attack, the college turned to paper documents to make sure grades were recorded on time and financial aid issued to the right students.
When ransomware strikes your college or university, all eyes will be studying your response. Make it one worth remembering.