Cyber Incident Victim: New Mexico Highlands University
Date:
Apr 2024
Location:
United States of America
Summary
New Mexico Highlands University suffered a ransomware incident that disrupted operations and forced the university to cancel classes. The attack impacted the university's portal authentication functions, requiring all user passwords to be reset. The university took swift action, involving an investigation and the installation of security software on university computers. The incident caused the university to temporarily disable some services, including campus phones and internet connectivity. The university gradually restored services, with full operations resuming after the password reset.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 3, 2024, New Mexico Highlands University (NMHU) identified a technology issue disrupting campus portal authentication functions, prompting the immediate cancellation of all classes scheduled after 3 p.m. that day and all classes on April 4. The Information Technology Services (ITS) department isolated impacted systems to contain the disruption while initiating restoration efforts. By April 5, cybersecurity vendors confirmed the incident as a ransomware attack affecting NMHU and other state entities, though the full scope remained under investigation. ITS began deploying security software on university computers to monitor for malicious activity, requiring all NMHU-issued devices to install this software before regaining network access. Classes were canceled through April 14 across all campuses and centers, with internet, VPN, and authentication services remaining offline during the initial response phase. The university activated its Emergency Operations Center, providing continuous updates via its website, email, text messages, and robocalls, while directing community members to nmhu.edu/eoc for official information.
The ransomware attack necessitated system-wide password resets for all faculty, staff, and students to restore secure access to NMHU accounts, with mandatory changes enforced before users could reconnect to the MyNMHU portal or other university resources. ITS established in-person support at the Purple Pub Computer Lab (Las Vegas), Albuquerque Center, Rio Rancho Center, and Higher Education Centers in Santa Fe and Farmington to assist with password resets and security software installation, prioritizing photo ID verification for account recovery. While internet service resumed on the main campus and Albuquerque, Rio Rancho, and Santa Fe centers by April 14, the Farmington Center’s restoration timeline remained pending. Payroll operations continued via adjusted procedures: direct deposits proceeded unaffected, while paper checks were distributed at the Purple Pub, and employees used Paycom’s website or mobile app for timekeeping during network outages. Academic continuity plans ensured classes would not extend beyond the original semester end date, with faculty determining individualized recovery strategies for coursework, and commencement ceremonies proceeding as scheduled. The university maintained limited on-campus services throughout the incident, including Donnelly Library’s physical operations and HR/payroll assistance at the Purple Pub, while emphasizing administrative leave for non-essential employees and work-from-home protocols where feasible.