Cyber Incident Victim: Austin Peay State University

Date: Apr 2022

Location: United States of America

Summary

Austin Peay State University experienced a ransomware attack prompting an urgent directive to disconnect from its network. The institution contained the incident and restored its learning management system, though some users reported lingering access issues. The event drew criticism for reliance on social media alerts and typographical errors in communications. Cybersecurity experts highlighted this as part of a rising trend targeting under-resourced educational entities, noting such attacks frequently disrupt operations and risk data exposure across the sector.

Description

On April 27, 2022, Austin Peay State University (APSU) experienced a ransomware attack that disrupted its network operations. The university first publicly acknowledged the incident through its official Twitter account, urgently instructing students, faculty, and staff to disconnect their devices from the APSU network immediately. This alert was reinforced by the university police department, which placed a prominent banner on its website directing individuals to shut down all computers connected to campus systems. At approximately 2:26 p.m., emergency managers issued a campus-wide notification emphasizing the severity of the situation, clarifying minutes later that devices should be powered down entirely. APSU’s IT staff initiated containment procedures, believing they had isolated the threat by the same day. Despite the disruption, the university maintained its academic schedule, as the attack coincided with the final day of classes before a scheduled study day and exam period. By April 28, APSU confirmed operations were resuming, with employees expected to report normally and instructions disseminated via email. The university’s Learning Management System (D2L) was restored at elearn.apsu.edu within hours of the initial disclosure, though some users continued reporting access issues with D2L and the OneStop portal, citing connectivity errors and login failures.

The incident drew attention to broader trends in ransomware targeting educational institutions. Cybersecurity experts Brett Callow and Allan Liska contextualized the attack as part of a surge in 2022, with APSU representing the 12th U.S. university or college victimized that year. Callow noted data theft occurred in at least 10 of these cases, including attacks linked to the BlackCat (ALPHV) ransomware group. Liska highlighted that 37 publicly reported ransomware incidents affected schools in the first three months of 2022 alone, surpassing rates from previous years. APSU faced criticism for relying on Twitter as a primary communication channel during the outage, with stakeholders questioning the adequacy of notifications given email system inaccessibility. The university’s inconsistent spelling of “ransomware” in alerts (e.g., “Ransomeware” and “Ransom ware”) also drew public scrutiny. While APSU avoided class cancellations due to the timing of the attack, the incident underscored systemic challenges in higher education cybersecurity, including budgetary constraints and inconsistent adoption of basic safeguards like multi-factor authentication (MFA). The specific ransomware variant, perpetrators, ransom demands, and whether data was exfiltrated remained unconfirmed at the time of reporting.
