Howard University cancels classes after ransomware attack

Washington, D.C’s Howard University has canceled classes after becoming the latest educational institution to be hit by a ransomware attack.

The incident was discovered on September 3, just weeks after students returned to campus, when the University’s Enterprise Technology Services (ETS) detected “unusual activity” on the University’s network and intentionally shut it down in order to investigate.

“Based on the investigation and the information we have to date, we know the University has experienced a ransomware cyberattack,” the university said in a statement. While some details remain unclear — it’s unknown who is behind the attack or how much of a ransom was demanded — Howard University said that there is no evidence so far to suggest that personal data of its 9,500 undergraduate and graduate students been accessed or exfiltrated. 

“However, our investigation remains ongoing, and we continue to work toward clarifying the facts surrounding what happened and what information has been accessed,” the statement said.

In order to enable its IT team to fully assess the impact of the ransomware attack, Howard University has canceled Tuesday’s classes, opening its campus to essential employees only. Campus Wi-Fi will also be down while the investigation is underway, though cloud-based software will remain available to students and teachers. 

“This is a highly dynamic situation, and it is our priority to protect all sensitive personal, research and clinical data,” the university said. “We are in contact with the FBI and the D.C. city government, and we are installing additional safety measures to further protect the University’s and your personal data from any criminal ciphering.”

But the university warned that that remediation will be “a long haul — not an overnight solution.”

Howard University is the latest in a long line of educational institutions to be hit by ransomware since the start of the pandemic, with the FBI’s Cyber Division recently warning that cybercriminals using this type of attack are focusing heavily on schools and universities due to the widespread shift to remote learning. Last year, the University of California paid $1.14 million to NetWalker hackers after they encrypted data within its School of Medicine’s servers, and the University of Utah paid hackers $457,000 to prevent them from releasing data stolen during an attack on its network. 

According to Emsisoft threat analyst Brett Callow last month, ransomware attacks have disrupted 58 U.S. education organizations and school districts, including 830 individual schools, so far in 2021. Emsisoft estimates that in 2020, 84 incidents disrupted learning at 1,681 individual schools, colleges, and universities.

“We’ll likely see a significant increase in ed sector incidents in the coming weeks,” Callow tweeted on Tuesday.