Cyber Incident Victim: BridgeValley Community and Technical College
Date: Apr 2023
Location: United States of America
Summary
BridgeValley Community and Technical College experienced a malware incident that encrypted several systems on its internal network. The institution responded by isolating the affected systems and taking them offline to contain the threat. Officials are conducting a thorough analysis to determine whether any sensitive information was involved and have committed to notifying individuals in accordance with the law if their data was compromised. The college apologized for the disruption caused.
Description
On or around April 4, 2023, an information security incident occurred at BridgeValley Community and Technical College. The event involved malware that successfully encrypted several systems operating on the school’s internal computer network. This encryption activity directly impacted data security, rendering the affected systems and the information they contained inaccessible to the college. The specific variant or family of the malware was not publicly disclosed by the institution. The attack targeted core operational technology infrastructure, though the exact number of servers, workstations, or other network nodes that were encrypted was not detailed in official communications from the college.

College personnel became aware of the incident on Tuesday, April 4, 2023. Upon discovery, the institution's immediate response was to isolate the compromised systems in an effort to prevent the further spread of the malware across the network. This containment action involved taking the affected systems completely offline, disconnecting them from the broader college network to halt any additional encryption or lateral movement by the threat actor. Although disruptive, taking the systems offline was a critical first step in containing the threat, preventing a wider operational outage, and beginning the process of securing the network.

Following the initial containment, the college began a diligent effort to restore normal operations. Michelle Wicks, the Director of Outreach and Communications for BridgeValley, stated that the institution places a high value on maintaining the integrity and security of the data held within its systems and that teams were working diligently on restoration. The process of recovery and restoration was acknowledged to be a time-consuming endeavor, requiring a methodical approach to ensure systems were cleaned and rebuilt properly. The college committed to conducting a thorough analysis of the incident to understand its full scope and impact.

A primary focus of the post-incident analysis was to determine whether the malware incident resulted in the compromise of sensitive personal information. The college initiated an investigation to ascertain if the encrypted systems contained any data belonging to students, staff, or other members of the community. The institution publicly stated that if this analysis determined that individuals' sensitive information was involved in the security event, those individuals would be notified directly and in accordance with all applicable laws. The responsibility of protecting the confidentiality of the information it holds was described as a serious matter by the college administration.

The incident caused confirmed disruptions to the college's operations, though the specific academic or administrative functions that were interrupted were not enumerated in public statements. The college apologized for any disruptions the incident may have caused and thanked its community for their patience and continued support during the response and recovery period. The public messaging emphasized a commitment to transparency regarding the impact on personal information, contingent upon the findings of the ongoing forensic analysis. The restoration work and investigation continued beyond the initial public announcement on April 6, 2023.
