Ransomware Attack Shuts Down Michigan Community College
A ransomware attack forced Michigan-based Kellogg Community College (KCC) on May 3 to close its campuses and cancel classes. Operations resumed the following day.
“While our investigation into this incident continues with the support of independent advisers, we have made great progress in our restoration efforts and these third-party experts have confirmed that our systems are safe and secure to interact with,” KCC said.
James McQuiggan is security awareness advocate at KnowBe4.
“Cybercriminals know that educational institutions lack a solid cybersecurity culture that large enterprise organizations typically maintain,” he said. “Thus, they make them prime targets for social engineering attacks.”
While resetting passwords for all the accounts is one step, the concerning factor is what data was stolen and can be exploited against the school, the faculty or the students, McQuiggan said. Cybercriminals want to make money from this attack, and they will go after the victims of the data collected to earn something for their time and trouble.
“Other organizations that shut down their systems for several days suffer the impact of lost business, and thus smaller organizations may end up being shut down for good,” he said. “I have the feeling college students did not mind a few extra days for a break from classes. But at this time of the year, when it is exam time, it might have been more stressful and concerning to them to not have access to the systems or worse, that their grades and hard work would be lost from the past semester. It certainly would have put the school in a challenging situation, not only with the cybercriminals, but with their students, too.”
Chris Clements is vice president of solutions architecture at Cerberus Sentinel. He said the timing of this attack is interesting in that the campus network shutdown occurred when many institutions are going through finals week.
“Without accurate attacker attribution, nothing is for certain, but this could be an example of either a cybercriminal gang waiting until a critical moment to launch their ransomware to maximize pressure on the organization to quickly pay out, or an insider potentially looking to delay what for many can be a stressful time,” he said.
