
Cyber Incident Victim: Guilford College

Date: Oct 2022

Location: United States of America

Summary

Guilford College experienced a ransomware attack by the Hive group, leading to the theft of sensitive student, faculty, and staff data. The institution disconnected affected systems, notified law enforcement, and engaged cybersecurity experts to investigate and restore operations. Hive publicly claimed responsibility, threatening to leak stolen data and posting samples online. The group, known for targeting global organizations across sectors like healthcare and government, typically gains access via phishing. This incident aligns with a broader trend of ransomware attacks on U.S. educational institutions, where threat actors frequently exfiltrate and publish victim data for financial gain. The college committed to notifying potentially impacted individuals as the investigation progresses.

Description

In October 2022, Guilford College in North Carolina experienced a ransomware attack that compromised sensitive data belonging to students, faculty, and staff. The college promptly notified law enforcement, disconnected affected systems, and engaged external cybersecurity experts to investigate the incident and restore operations. While the investigation remained ongoing, the college confirmed evidence suggesting unauthorized actors had accessed sensitive data. Communications were sent to students, faculty, staff, and parents to update them on these findings. The college committed to working around the clock to determine the scope of the data breach and pledged to directly notify individuals potentially affected. On October 21, 2022, the Hive ransomware group posted samples of stolen data on its leak site, publicly claiming responsibility for the attack and threatening further data leaks. Guilford College acknowledged Hive’s post and collaborated with cybersecurity professionals to review the leaked files. The college characterized the incident as part of a pattern of financially motivated attacks targeting organizations like theirs.

The Hive ransomware group, identified by the FBI, CISA, and HHS as a prolific threat actor, had extorted over $100 million from more than 1,300 global victims between June 2021 and November 2022. Their operations targeted critical infrastructure sectors, including healthcare, government facilities, manufacturing, and education, often gaining initial access via phishing emails with malicious attachments. Guilford College’s attack coincided with a surge in ransomware activity against U.S. educational institutions during the Thanksgiving period, including Cincinnati State College (targeted by Vice Society) and Centura College (attacked by BianLian). According to ransomware expert Brett Callow, at least 35 U.S. colleges and universities suffered ransomware attacks in 2022, with data exfiltrated and leaked in 24 cases. The incident disrupted Guilford College’s operations, necessitating system isolation and recovery efforts, while raising concerns about the exposure of personal and institutional data. Hive’s history of high-impact attacks included forcing a California healthcare facility to shut down in March 2022 and compromising Romania’s largest oil refinery in February 2022, underscoring the group’s operational scale and the cross-sector nature of the threat.
