Cyber Incident Victim: Pellissippi State Community College
Date:
Dec 2021
Location:
United States of America
Summary
Pellissippi State Community College experienced a ransomware attack causing a widespread network outage across all campuses, prompting immediate containment efforts and activation of its Cyber Incident Response Plan. The institution engaged computer forensics experts and law enforcement while working to restore systems, with the full scope of the incident remaining under investigation. This disruption occurred independently without affecting other Tennessee Board of Regents community colleges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 6, 2021, Pellissippi State Community College publicly disclosed a network outage initially reported the prior day (Monday). By Tuesday, the institution confirmed the outage resulted from a ransomware attack, though the full scope of compromised systems and data remained under active investigation. The college implemented containment measures to isolate the threat, successfully preventing further spread within its network infrastructure. All network connections across all campuses remained non-operational during this period, severely disrupting administrative and academic operations. Pellissippi State activated its predefined Cyber Incident Response Plan, initiating coordinated efforts to restore systems while preserving forensic evidence. This plan included engaging external computer forensics specialists to assist with attack analysis and collaborating with law enforcement agencies on the investigation. No evidence suggested the ransomware incident impacted other institutions within the Tennessee Board of Regents system, which oversees 13 community colleges statewide.
The attack caused comprehensive network downtime affecting all campuses, though specific compromised systems and operational impacts beyond connectivity loss were not detailed in public statements. Restoration efforts prioritized returning computer systems to normal operations while maintaining investigative integrity. The college committed to providing ongoing public updates through a dedicated webpage but did not disclose ransomware variant details, payment demands, or data exfiltration evidence. No student or employee data breaches were confirmed at the time of the announcement. Response activities focused on forensic analysis to determine attack vectors, duration of unauthorized access, and potential data exposure. Pellissippi State maintained operational continuity through alternative procedures while network restoration continued under guidance from cybersecurity professionals and law enforcement partners.