Cyber Incident Victim: Guilford College
Date: Sep 2020
Location: United States of America
Summary
Guilford Technical Community College experienced a ransomware attack resulting in unauthorized network access, prompting an immediate campus shutdown to contain the breach and assess its impact. The incident disrupted critical services including student portals and administrative operations, leading to office closures and delayed class resumption. The college was subsequently listed on DoppelPaymer's leak site, indicating potential data exfiltration, though specific compromised information remains unconfirmed. This attack mirrors a similar ransomware incident at another technical college, raising questions about possible connections between the threat actors targeting such institutions. Recovery efforts focused on restoring systems and resuming academic activities while mitigating further risks.
Description
On September 13, 2020, Guilford Technical Community College (GTCC) in North Carolina experienced unauthorized access to its network, later confirmed as a ransomware attack. The college responded by closing all campuses on September 14 to contain the breach and evaluate its scope. This immediate shutdown aimed to prevent further infiltration and minimize operational disruption. GTCC announced that in-person classes would resume on September 21, indicating a week-long suspension of normal activities. The incident marked the second ransomware attack against a technical college in the region, following an earlier breach at Greenville Technical College in South Carolina. While Greenville Tech initially downplayed its incident, threat actors from the Avaddon group later provided evidence of data exfiltration, prompting speculation about undisclosed ransom payments after the college’s listing disappeared from Avaddon’s leak site.

The GTCC attack significantly disrupted campus operations and critical systems. Services including WebAdvisor (used for course registration and records) and Navigate (student success software) became inaccessible during the outage. Multiple college offices closed entirely, though specific departmental impacts were not detailed. DoppelPaymer ransomware operators listed GTCC on their data leak site, publicly claiming responsibility for the compromise. The college did not disclose whether data theft occurred or if negotiations with attackers took place. Recovery efforts focused on restoring systems before the September 21 reopening, though residual service interruptions likely persisted. No student or employee data specifics were confirmed in available reports, and the college’s public communications remained limited following the initial disclosure.
