Cyber Incident Victim: Tennessee Wesleyan University

Date: Jan 2021

Location: United States of America

Summary

Tennessee Wesleyan University experienced a ransomware attack that encrypted certain files and disrupted campus operations, prompting an immediate shutdown of all networks shortly before 10 a.m. on the day of the incident. The institution collaborated with local authorities, the Tennessee Bureau of Investigation, and a cybersecurity team from its insurance provider to investigate the breach and restore systems, though no details regarding the perpetrators or specific ransom demands were disclosed.

Description

On January 21, 2021, Tennessee Wesleyan University experienced a ransomware attack that disrupted campus operations. The attack targeted the university's network in the early morning hours of that Friday. Campus officials detected the incident and initiated a full network shutdown by approximately 10 a.m. to contain the threat. The attackers encrypted certain university files and demanded ransom, though specific details about the ransom amount or payment demands were not disclosed publicly. All institutional networks remained offline following the containment measure, affecting academic and administrative systems across the campus. University leadership immediately engaged local law enforcement authorities and notified the Tennessee Bureau of Investigation (TBI) to assist with the criminal investigation. TWU also activated its insurance provider's dedicated cyberattack response team as part of the coordinated incident response. No evidence suggested unauthorized access to sensitive personal data at the time of initial reporting, though the full scope of data impact remained under assessment.

The university maintained network shutdowns through at least January 22 while recovery efforts progressed. Officials issued a press release confirming the attack but did not identify the responsible threat actors or specify the ransomware variant involved. Recovery operations focused on restoring systems from backups and verifying their integrity before bringing services back online. The investigation involved collaboration between TWU's internal IT personnel, external cybersecurity experts from the insurance team, and law enforcement agencies. Academic and administrative functions experienced disruptions during the network outage, though the university did not quantify operational or financial impacts. No public communications indicated whether the institution negotiated with attackers or paid any ransom. The response prioritized system restoration and forensic analysis to determine the attack's entry point and full technical consequences.
