Truman Networks Restored After Cyberattack
On the morning of Friday, April 21, Truman ITS found evidence of what appeared to be virus on the University network. In an effort to mitigate potential spread, all Truman-issued Windows-based devices and services were powered down and remained inactive, along with the campus network, while ITS responded to the incident. During this time, the University also engaged a firm of outside experts, resulting in a cybersecurity resource dispatched to be onsite throughout the week to help resolve the issue.
ITS promptly alerted law enforcement at the time of the incident and it was verified as a form of malware. ITS worked with agents from FBI field offices in Kirksville, Kansas City and St. Louis, as well as the Department of Homeland Security, on possible solutions.
On Monday, April 24, ITS conducted preliminary assessments of most primary campus workstations at risk for this particular form of malware and began installing a security patch. By Tuesday, April 25, some network services were brought back online. Additional services were restored throughout the week, culminating with the resumption of email service, Friday, April 28.
“Some new technology was at our disposal thanks to our outside partner,” said Donna Liss, chief information officer. “There was a lot of collaboration across University departments and with our external partners to bring this to as quick of a resolution as possible, and we will continue to stay vigilant.”
The exact point of origin for the malware, and how it accessed the Truman network, is still under investigation. While this appears to be a ransomware attack, the University did not make a payment. Specific details about the incident, including the steps Truman took to minimize its effects and the cybersecurity experts the University consulted, will not be disclosed so as not to share potentially valuable information with criminals.
This incident is part of a rash of recent attacks directed at colleges and universities in the U.S. At least 44 colleges or universities, and 45 U.S. school districts, were hit with ransomware attacks in 2022. Since January 2023 there have been 27 confirmed ransomware attacks in higher education.
“While this attack resulted in a major disruption with only two weeks left in the semester, I am enormously impressed and grateful for how our campus responded,” said University President Sue Thomas. “The patience, creativity, resilience and care shown by our faculty, staff and students is remarkable, as is the extraordinary effort of ITS to get our systems operative within a week. What ITS accomplished in such a short time is absolutely amazing.”
At this time, it is not believed any of Truman’s enterprise systems with personally identifiable information were accessed. The University is still assessing what personally identifiable information, if any, may have been accessible in other parts of the network. While there is currently no evidence personally identifiable information was taken, out of an abundance of caution, Truman will provide the opportunity to enroll in identity theft protection free of charge. Information on how to enroll will be provided in the near future.
ITS has prepared a website with tech tips specific to this event that can be accessed at wp-internal.truman.edu/its/updates.