Washington, D.C’s Howard University, one of the largest Black Schools in the United States, has canceled online and hybrid classes as it continues to investigate a ransomware attack on its computer network.
The security breach was identified on September 3, just weeks after students returned to campus when the University’s Enterprise Technology Services (ETS) noticed “unusual activity” on the University’s network and intentionally shut it down in order to mitigate the risk and to investigate the incident.
There has been no evidence to suggest that private details of their 9,500 undergraduate and graduate students were retrieved or stolen, but the investigation is still active, the university wrote in a statement.
“Based on the investigation and the information we have to date; we know the University has experienced a ransomware cyberattack. However, our investigation remains ongoing, and we continue to work toward clarifying the facts surrounding what happened and what information has been accessed,” the statement said.
Howard University canceled classes to determine the impact of the ransomware attack, only essential employees were allowed to continue their work. Campus Wi-Fi will also be down while the investigation is underway, though cloud-based software will remain accessible to students and teachers.
“This is a highly dynamic situation, and it is our priority to protect all sensitive personal, research, and clinical data. We are in contact with the FBI and the D.C. city government, and we are installing additional safety measures to further protect the University’s and your personal data from any criminal ciphering,” the university said.
But the university warned that that remediation will be “a long haul — not an overnight solution.”
Howard University is the latest educational institution to be hit by a ransomware attack since the start of the pandemic, with the FBI’s Cyber Division warning that attackers have changed their strategies and are currently focusing heavily on schools and universities due to the widespread shift to remote learning.
Last year, the University of California paid $1.14 million to NetWalker attackers after they encrypted data within its School of Medicine’s servers, and the University of Utah paid hackers $457,000 to prevent them from releasing data stolen during an attack on its network.
In 2021 only, ransomware attackers have targeted 58 U.S. education organizations and school districts, including 830 individual schools, according to the report published by Emsisoft threat analyst Brett Callow last month. Emsisoft estimates that in 2020, 84 incidents disrupted learning at 1,681 individual schools, colleges, and universities.
"The attack on Howard University is yet another sign that cyberattacks are global, interconnected, and evolving. Hackers, drawn by the lucrative potential of holding business-critical data hostage, are launching more sophisticated attacks every day,” Stephen Manley, the chief technology officer at Druva, a data protection software company, said in a statement.