Lincoln College Closes Due to Ransomware Attack

Lincoln College became the first U.S higher education institution to close in part due to a cyber attack on May 13, 2022.

The historically black college in Illinois announced the closure after 157 years, citing the irreversible financial impact of a 2021 ransomware attack and the COVID-19 pandemic.

“Lincoln College has notified the Illinois Department of Higher Education and Higher Learning Commission of permanent closure, effective May 13, 2022. The Board of Trustees has voted to cease all academic programming at the end of the spring semester.”

Opened on President Abraham Lincoln’s birthday in 1865, Lincoln College reached record enrollment levels in 2019, but saw numbers sharply decline during the COVID-19 pandemic. This impacted their financial stability, putting them in a vulnerable position when they suffered a ransomware attack in December 2021.

The ransomware attack is believed to have originated in Iran. Though the college opted to pay the reportedly $100,000 to $115,000 ransom, the  effects of the attack were irreversible, which the college outlined below:

“Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

While Lincoln College may be the first higher education institution in the U.S. to shut down in part due to a cyber-attack, chances are they won’t be alone forever.

In fact, a recent report estimates over 1,000 schools in the United States were victims of ransomware attacks in 2021. A quick Google search for “higher education ransomware attacks” reveals how frequent and impactful  ransomware attacks on higher education are today.

To put the danger of ransomware in perspective, before they were attacked, Lincoln College survived the 1918 Spanish flu pandemic, the Great Depression, two world wars and the Great Recession.

Would they have survived the COVID-19 pandemic without the ransomware attack? Nobody knows the answer to that, but their odds would likely have been  a little better.

So how can higher education institutions and businesses in general protect themselves from similar attacks?

Secure Back up Methods

Schneider Downs strongly encourages organizations to emphasize building robust recovery controls and capabilities such as secure backup and disaster recovery (DR) processes. Having offline backups is a plus, as is implementing network segmentation of backup traffic and management.

And while having DR systems connected to the domain (or domain authenticated) might not be the most secure choice, it does offer some protection.

Cyber Insurance

Organizations that want to be prepared for an attack like this need to determine if they should purchase cyber insurance and ensure that they have purchased an amount that can help them recover for losses incurred. 

However, while cyber insurance can be an important business tool against cyber breaches, our recent article Cash and Controls: Qualifying for Cyber Insurance in 2022 explains why insurance is not a panacea for all organizations.

Employee Education

While the root cause of the December ransomware attack was not released, in many cases the initial breach occurs through end user error.

In an interview with WAND News, Sean Thomas, Senior IT Risk Advisory Manager at Schneider Downs, encourages organizations to make sure its employees are aware of the types of the attacks they may face and how to identify warning signs of a potential attack. Whether they learn  this through simulated phishing attacks or periodic training, a better-educated employee is a more secure one. 

Related Links

• Lincoln College – Abraham Lincoln's Namesake College Set to Close After 157 Years
• WAND News – Ransomware, Pandemic Brought Down Lincoln College  

 About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at www.schneiderdowns.com/subscribe.