“The thing that has made it so frustrating for us is, we feel like our students have been through so much over the last year. So many of them have hung in there with us, persisted, shown great resilience, and really worked hard. And to have the semester interrupted by a criminal act has just been really frustrating.”
That’s how Jeff Lowrance, vice president for communication, marketing, and public relations at Central Piedmont Community College (CPCC), described the recent ransomware attack on the school.
On Monday, Feb. 22, some classes at CPCC resumed after a ransomware attack shut down the college for almost two weeks. The attack — which caused the school to speed up the transition of their new learning management system, wiped out spring break, and spurred a state and federal investigation — disrupted almost all of the college’s day-to-day operations.
The ransomware attack occurred on Wednesday, Feb. 10. That evening, the IT department of CPCC discovered something was amiss in the school’s information technology systems. They quickly gathered team leaders and realized the severity of the issue. In what Lowrance described as a heroic effort, the IT team worked through much of the night taking down major systems at the college.
Ransomware is a type of malware that threatens to publish a company or individual’s data from a computer. The data is typically personal information like social security numbers or online banking information. When a ransomware attack occurs, the data is encrypted and it becomes inaccessible unless a ransom is paid. The ransom can be anywhere from $500 to millions of dollars.
When it became apparent that a major systems shutdown was necessary, CPCC started sending information to students and employees that there would be no classes the following day. The shutdown meant interruptions to everything from the college’s email to Blackboard, the learning management system (LMS) that CPCC has been using to deliver courses online. Prior to the ransomware attack, CPCC was planning to eliminate Blackboard and replace it with another LMS called Brightspace. Brightspace was planned to be fully operational by fall 2021, but the ransomware attack has expedited the roll-out process — requiring faculty to make the switch mid-semester.
Without an email system, CPCC was left with only its critical alert system, which uses text messaging and voicemail. The college still had use of its website, which allowed it to create a webpage to update employees, students, and the public about the ransomware attack and technology interruptions. “Within 24 hours we had a webpage created, and we were posting announcements and updates,” Lowrance said.
At the same time, leaders from CPCC were contacting state and federal agencies about the cyberattack. Those agencies “are doing an exhaustive digital investigation, working hard to determine exactly how the intrusion occurred, and looking for evidence that might lead to the identity of the person or persons behind the attack,” Lowrance said. Thus far, the investigation has not found any evidence that student or employee data or information were compromised, nor any data that’s shared between the college’s partners and vendors.
Only a few face-to-face classes managed to continue meeting during the shutdown. In an announcement on Feb. 17, CPCC said it would resume all on-campus classes, online classes that use Brightspace, and online portions of hybrid classes that are in Brightspace beginning Monday, Feb. 22. CPCC intends to move all online classes to Brightspace by March 1, allowing all classes to resume.
Besides canceling classes, the cyberattack upended much of the day-to-day operations of the college — requiring employees to work remotely and turning the planned spring break on March 8-12 into instructional days.
“This is unfortunately the only way to keep students on track to complete the spring semester on time,” a CPCC announcement said. “This is important, especially for those of you in the last semester of your program of study who absolutely need to complete your program on time.”
In a recent phone call with EdNC, CPCC President Kandi Deitemeyer said, “This is a vicious attack on our institution. It is going to have a profound effect on our students, as well as our faculty and staff. Our hearts are heavy.”
Deitemeyer went on to say that, “What I know about our students is that they are not only resilient, but they are steadfast. No entity, no threat actor, should try to take the ability of someone’s educational path from them. A ransomware attack feels very business oriented. It feels very operational. When you hit an institution of higher learning, this is about people, because we are in the people business.
“But our posture is going to be that we’re going to come back and we’re going to come back stronger. We’re going to be a much more adaptable and flexible organization — which we were already learning inside the pandemic, so this has made us much more nimble. But we are not going to be deterred. We’re not going to be deterred by anybody on delivering our mission and doing it to the best and highest quality,” Deitemeyer continued.
CPCC is one of three community colleges in North Carolina to experience a cyberattack in the past two years. In July 2019, a Trickbot locked and encrypted Richmond Community College’s Windows-based servers. And in September 2020, Guilford Technical Community College (GTCC) was the victim of a ransomware attack that required the FBI and other state agencies to get involved.
When asked what other schools needed to be aware of, Lowrance reiterated the importance of preparedness. “Colleges should establish contacts with state and federal authorities, and perhaps discuss their systems beforehand — making sure they are in as good of a position as they can be. When you’re unable to conduct classes and carry out business, it puts you in a tough position,” he said.
Editor’s note: In the coming months, EdNC will continue to explore cybersecurity and will report on the North Carolina Community College System’s infrastructure, the work that’s been completed, and plans to prevent future cyberattacks.