RALEIGH — The cyber disturbance that temporarily took out all of Richmond Community College’s internet-based services in July and apparently stunted the college’s fall enrollment was part of a nationwide ransomware attack on higher education institutions that, in one case, lead the governor of Louisiana to declare a state of emergency, according to a report given to the State Board of Community Colleges Thursday.

Jim Parker, senior vice president and chief information officer for the North Carolina Community College System (NCCCS), said that the attack on RCC shows vulnerabilities that could be exploited at the other 58 colleges in the system. RCC was not the explicit target of this attack, Parker explained, but was likely one of many more targets from across the country.

“The issue was pretty much (RCC’s) entire network and critical hardware devices were compromised and encrypted,” Parker said. “Fortunately, the students’ information — to our knowledge and to the FBI’s knowledge — was not compromised.”

The RCC attack was the first time an NCCCS institution had been successfully attacked “in this manner, scale and impact,” Parker said in an email.

“Unfortunately, in our current operational environment it won’t be the last time – it’s just something we have to remain continually prepared to respond,” he said.

Parker said recovery has been slow because, after an attack of this nature, “you’re starting from scratch” and today is “close to done.”

Ransomware is a virus that Parker described as roaming in the background of the network trying to remain undetected while collecting user data and private information, typically aimed at senior leadership to convince them that there is a need to send money somewhere.

No money was sent by RCC to any malevolent source as a result of the attack, according to Parker. He added that, if discovered, ransomware can encrypt everything they have access to and communicate a message demanding money for the encryption to be released. In Louisiana, a state of emergency was declared after phones at three of the state’s school districts were locked and encrypted, according to CNBC.

Parker said that, in addition to RCC staff, 20 members of his staff were engaged in 18-hour days for two weeks working to repair the issues. RCC’s recovery has been expedited by the college leadership’s “poise” in response to the attack which avoided a panic.

“The leadership and the morale at (RCC) is what made the difference. I mean, absolutely impressive,” Parker said. “They took everything in stride. They handled themselves with great poise and composure. If it were not for that it would not have turned out as well.”

Parker said that the system saw indicators of the attack at the beginning of July, “became more serious” in mid-July and the full effects were felt on July 19. There were 1,200 desktop computers were affected by the attack, according to Parker. It is unclear how much this recovery effort cost RCC.

The board discussed coming up with a memorandum of understanding between the state’s information technology departments which would come up with a more cohesive plan of response.

“We’ve not only recovered but we’re stronger and better technically than we were before,” McInnis said at the Richmond County Board of Commissioners meeting on earlier this month. “Improvements have been made in terms of our infrastructure, our network architecture, the anti-malware devices and services and the fact that now we have migrated to Amazon web services.”

McInnis told the commissioners that fall enrollment only increased by 12 students over the totals from fall 2018, despite projections having the increase being significantly higher. He attributed this to the period of time that the college’s internet-based services were down.

All of RCC’s computers are now operating on OneDrive to mitigate file storage issues, a process that was already underway at the time of the attack.

Parker said that when college presidents ask,”Why us?” in regard to cyber attacks, Parker responds that, “The reality is that we are multi-million dollar businesses. We are not big enough to act like a Bank of America, ergo we are a perfect target for something that, frankly, most high school students are learning how to work and manipulate. And the tools of the trade are readily accessible on the internet.”

Gavin Stone | Daily Journal Jim Parker, senior vice president and chief information officer for the North Carolina Community College System, speaks to the State Board of Community Colleges Thursday.
https://www.yourdailyjournal.com/wp-content/uploads/2019/10/web1_IMG_3419.jpgGavin Stone | Daily Journal Jim Parker, senior vice president and chief information officer for the North Carolina Community College System, speaks to the State Board of Community Colleges Thursday.
Report details college’s damage, recovery from July attack

Gavin Stone

Editor

Reach Gavin Stone at 910-817-2674 or [email protected].