Cyber Incident Victim: Lewis & Clark
Date: Nov 2021
Location: United States of America
Summary
A ransomware attack targeted Lewis & Clark Community College, prompting the shutdown of all campuses and cancellation of extracurricular activities, including sports. Suspicious network activity detected on a Tuesday led the IT director to disable systems the following day. While hackers infiltrated the network, the institution's president confirmed they did not gain control over it. The incident occurred prior to a holiday period, potentially complicating response efforts due to reduced staffing.
Description
Lewis & Clark Community College in Godfrey experienced a disruptive cybersecurity incident in late November 2021. On Tuesday, November 23, the college's director of information technology observed suspicious activity within the network systems. In response to this detection, the institution proactively shut down its entire computer network the following day, Wednesday, November 24. This containment measure coincided with the college's decision to close all campus locations and suspend all non-academic operations. The shutdown affected extracurricular programming across the institution, including organized sports activities and other campus events. College President Ken Trzaska publicly confirmed that external threat actors had penetrated the network infrastructure. However, he emphasized that the attackers never achieved full administrative control over college systems. The incident immediately preceded the Thanksgiving holiday period, when many staff members traditionally take time off or request extended leave. This timing potentially complicated both the operational impact of the attack and the institution's capacity to respond.

The ransomware attack caused significant operational disruptions during the final week of November 2021. College administrators decided to maintain campus closures throughout the incident response period, effectively halting normal academic and administrative functions. While forensic details about the attackers' methods weren't disclosed, the presence of ransomware was confirmed as the catalyst for network shutdown procedures. No evidence suggested that student or employee data was compromised during the breach. Recovery efforts focused on restoring network integrity while preventing further unauthorized access. The college's public communications stressed the preventative nature of the campus closures rather than acknowledging full system takeover by threat actors. Operational disruptions extended through the holiday weekend as information technology personnel worked to secure systems before resuming normal activities.
