Cyber Incident Victim: Roanoke College
Date:
Dec 2020
Location:
United States of America
Summary
Roanoke College experienced a cyber incident disrupting network access and file systems, necessitating disconnection of IT infrastructure to contain the attack. The disruption, compounded by pandemic-related challenges, delayed the academic semester and caused widespread network outages affecting shared drives, email, and authenticated online services. While the institution confirmed no data loss on specific departmental and personal drives, restoration efforts remained ongoing with no defined timeline. The incident’s characteristics suggested a ransomware attack, aligning with broader trends of increased cyber threats targeting educational institutions during periods of heightened reliance on digital learning platforms.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 12, 2020, Roanoke College experienced a cyber incident that disrupted institutional operations and data access. The private liberal arts college in Salem, Virginia, with approximately 2,000 students, immediately disconnected its network infrastructure to contain the threat and initiated an investigation. The incident compromised the college's ability to access critical files, prompting IT staff to isolate systems and restrict network connectivity. Subsequent communications advised faculty, staff, and students against using campus computers or accessing Office 365 applications, including email, as these environments remained unvalidated for safety. The disruption occurred amidst ongoing challenges related to COVID-19, compounding operational difficulties during the academic year's conclusion.
The cyber incident necessitated significant academic schedule changes, delaying the spring semester start from January 19 to February 8, 2021. This postponement addressed both restoration requirements and pandemic-related considerations. Network outages persisted following the attack, with the college's website remaining partially functional but inaccessible for features requiring user authentication. By December 22, restoration efforts focused on recovering personal Z: drives and departmental X: shared drives, though no completion timeline was established. Institutional updates confirmed no permanent data loss from these systems despite ongoing accessibility limitations. The college maintained operational transparency through regular status advisories while continuing system recovery work without specifying the attack's technical nature or identifying threat actors.