Cyber Incident Victim: Río Hondo College
Date:
Oct 2023
Location:
United States of America
Summary
Río Hondo College experienced a cybersecurity incident that disrupted campus operations, limiting access to its website, school-run tools, and financial aid disbursements for several days before services were restored. The LockBit ransomware gang later claimed responsibility for the attack, listing the institution as a victim and demanding an unspecified ransom. The college acknowledged the cyberattack and initiated an investigation to determine its cause and scope but did not confirm ransomware involvement or disclose whether law enforcement was engaged or a ransom would be paid. This incident aligns with a broader trend of escalating ransomware attacks targeting higher education institutions, with LockBit remaining highly active despite internal challenges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Río Hondo College, a Southern California community college serving over 31,000 students in the Los Angeles metro region, experienced a cybersecurity incident that disrupted campus operations for multiple days in October 2023. The college first publicly addressed service disruptions through an October 23 Facebook post announcing restoration of website access and school-run tools, though it did not specify when the issues initially began. On October 24, the institution resolved technical problems affecting financial aid disbursements, with payments ultimately distributed to students by October 26. While initial communications did not characterize the disruptions as cyberattacks, the LockBit ransomware gang claimed responsibility on October 31 by adding Río Hondo to its victim list and setting a November 20 ransom payment deadline. College officials subsequently confirmed to Recorded Future News that outages stemmed from a cyberattack but avoided explicitly labeling it as ransomware. The institution initiated an immediate investigation to determine the incident's cause and scope, emphasizing its commitment to data security while withholding details about potential ransom negotiations or law enforcement involvement.
The cyberattack caused measurable operational impacts, including multi-day loss of digital services and delayed financial aid distribution during the academic term. Security researcher Brett Callow identified this as the 69th ransomware attack on a U.S. college or university in 2023, surpassing 2022's total of 44 incidents and establishing a new annual record. This tally excludes institutions affected by separate MOVEit data breaches. The incident occurred amid increased targeting of higher education institutions by ransomware groups, with recent attacks documented at Stanford University and the University of Michigan affecting campus networks and student data. LockBit maintained aggressive operations despite internal tensions, claiming 81 attacks in September 2023 alone, including breaches at New York hospitals, a Virginia school district, and technology firm CDW. Río Hondo's status as a community college aligns with attackers' reported focus on such institutions, though the college's investigation remained ongoing with no public confirmation of data compromise or final resolution at the time of reporting.