Cyber Incident Victim: Guilford Technical Community College
Date:
Sep 2020
Location:
United States of America
Summary
Guilford Technical Community College experienced a ransomware attack resulting in unauthorized network access, prompting the temporary closure of campuses and disruption of critical services including WebAdvisor, Navigate, and administrative offices. The incident forced a delay in resuming in-person classes and led to the institution's listing on DoppelPaymer's leak site, suggesting potential data compromise. This attack followed a similar ransomware incident at another technical college, though no confirmed link between the operators was established. The college's response focused on containment and impact assessment while services remained partially affected during recovery efforts.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On September 13, 2020, Guilford Technical Community College (GTCC) in North Carolina experienced unauthorized access to its network, later identified as a ransomware attack. The college responded by closing all campuses on September 14 to contain the breach and evaluate its scope. This shutdown disrupted campus operations and critical online services, including WebAdvisor and Navigate, which handle student enrollment and academic advising. Multiple college offices suspended operations during the incident. GTCC announced plans to resume in-person classes on September 21, indicating a week-long disruption to academic activities. The attack coincided with network outages affecting institutional systems, though the college did not initially disclose whether data exfiltration occurred.
GTCC appeared on DoppelPaymer’s ransomware leak site, suggesting attackers claimed possession of stolen data, though no specific evidence or data categories were publicly verified. This incident followed a similar ransomware attack on Greenville Technical College in South Carolina, where threat actors from the Avaddon group allegedly exfiltrated information before the college’s listing vanished from leak sites. Both technical colleges faced operational paralysis from ransomware, though no confirmed link between the attacks was established. GTCC removed its initial public notice about the incident, which had described service disruptions and containment efforts. The college provided no further updates on investigation outcomes, ransom demands, or data compromise verification at the time of reporting.