Cyber Incident Victim: Centralia College
Date:
Feb 2022
Location:
United States of America
Summary
Centralia College experienced a ransomware attack that disrupted online classes and administrative systems, forcing the institution to take affected systems offline to contain the breach. While personal data may have been compromised, the full scope remains unclear; the college collaborated with cybersecurity experts to investigate the incident and restore operations, prioritizing system recovery and mitigation of further risks.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Centralia College experienced a ransomware attack on or around February 1, 2022, disrupting critical operations across its campus. The cyberattack forced the immediate shutdown of online classes and administrative systems to contain the spread of the malware. College officials confirmed the incident compromised their network infrastructure, impacting student portals, email systems, and internal databases. Faculty and students lost access to virtual learning platforms and digital resources, halting academic activities. Administrative functions including enrollment services, financial aid processing, and payroll operations were also paralyzed. The college’s IT team initiated emergency protocols, isolating affected systems and disabling network connections to prevent further infiltration. External cybersecurity forensic specialists were engaged to assist with the investigation, working alongside local law enforcement and federal agencies. No specific ransomware variant or threat actor group was publicly identified in initial reports. The college issued a campus-wide alert acknowledging the incident but provided limited technical details during the initial response phase.
Recovery efforts focused on restoring core educational and operational systems while investigators analyzed the attack’s origin and scope. College administrators established alternative communication channels, including social media updates and phone trees, to relay information to staff and students during the outage. Critical on-campus services such as security, facilities maintenance, and select in-person classes continued operating with manual processes where possible. The investigation did not initially confirm whether student or employee personal data was exfiltrated or encrypted during the breach. Centralia College declined to disclose whether ransom demands were received or if negotiations occurred with the attackers. System restoration proceeded cautiously, with priority given to reactivating emergency notification systems and essential academic tools. The college maintained coordination with the Washington State Board for Community and Technical Colleges throughout the incident but did not request immediate state or federal financial assistance for recovery costs. No definitive timeline for full system restoration was provided during the initial weeks following the attack.