Lincoln College Closes Due to Ransomware Attack

Lincoln College became the first U.S higher education institution to close in part due to a cyber attack on May 13, 2022.

The historically black college in Illinois announced the closure after 157 years, citing the irreversible financial impact of a 2021 ransomware attack and the COVID-19 pandemic.

“Lincoln College has notified the Illinois Department of Higher Education and Higher Learning Commission of permanent closure, effective May 13, 2022. The Board of Trustees has voted to cease all academic programming at the end of the spring semester.”

Opened on President Abraham Lincoln’s birthday in 1865, Lincoln College reached record enrollment levels in 2019, but saw numbers sharply decline during the COVID-19 pandemic. This impacted their financial stability, putting them in a vulnerable position when they suffered a ransomware attack in December 2021.

The ransomware attack is believed to have originated in Iran. Though the college opted to pay the reportedly $100,000 to $115,000 ransom, the  effects of the attack were irreversible, which the college outlined below:

“Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections. All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

While Lincoln College may be the first higher education institution in the U.S. to shut down in part due to a cyber-attack, chances are they won’t be alone forever.

In fact, a recent report estimates over 1,000 schools in the United States were victims of ransomware attacks in 2021. A quick Google search for “higher education ransomware attacks” reveals how frequent and impactful  ransomware attacks on higher education are today.

To put the danger of ransomware in perspective, before they were attacked, Lincoln College survived the 1918 Spanish flu pandemic, the Great Depression, two world wars and the Great Recession.

Would they have survived the COVID-19 pandemic without the ransomware attack? Nobody knows the answer to that, but their odds would likely have been  a little better.

So how can higher education institutions and businesses in general protect themselves from similar attacks?

Secure Back up Methods

Schneider Downs strongly encourages organizations to emphasize building robust recovery controls and capabilities such as secure backup and disaster recovery (DR) processes. Having offline backups is a plus, as is implementing network segmentation of backup traffic and management.

And while having DR systems connected to the domain (or domain authenticated) might not be the most secure choice, it does offer some protection.

Cyber Insurance

Organizations that want to be prepared for an attack like this need to determine if they should purchase cyber insurance and ensure that they have purchased an amount that can help them recover for losses incurred. 

However, while cyber insurance can be an important business tool against cyber breaches, our recent article Cash and Controls: Qualifying for Cyber Insurance in 2022 explains why insurance is not a panacea for all organizations.

Employee Education

While the root cause of the December ransomware attack was not released, in many cases the initial breach occurs through end user error.

In an interview with WAND News, Sean Thomas, Senior IT Risk Advisory Manager at Schneider Downs, encourages organizations to make sure its employees are aware of the types of the attacks they may face and how to identify warning signs of a potential attack. Whether they learn  this through simulated phishing attacks or periodic training, a better-educated employee is a more secure one. 

Related Links

 About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit or contact the team at [email protected].

In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Tis the Season: Unwrapping the Top Holiday Scams of 2023
Squish the Quish – Stop and Think Before You Access a QR Code
SEC Charges SolarWinds and CISO Timothy Brown For Misleading Investors
Gainful Employment Disclosures in Higher Education
Think Before You Click: Fake Browser Updates are Back in Style
Protect Your Manufacturers: 3 Common Cyber Attack Methods to Watch Out for in 2023
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.