Hackers carefully considered the timing of the Oct. 5 cyberattack on Heartland Community College.
“We could see that there was heavy activity starting at about 1 a.m., so it was intended and targeted to be disruptive,” said Heartland Chief Information Officer Scott Bross.
The college started seeing systems problems at the beginning of the business day, 7-8 a.m. He said there were multiple tools used to crash systems and equipment, and even some encryption of data, a common tactic for those who try to pry ransom money out of institutions in return for access to their own data. Forensic examinations have yet to show any student or staff data was taken away.
“They took out a lot of our servers, over 120 of our servers," said Bross. “We have about 250 servers. You can imagine a small town. If more than 60% of the houses were wiped out in a tornado, those that were still standing wouldn’t have electricity, wouldn’t have water. We were really left without function.”
The road back remains long. Most student functions are running. Bross said the library will open Wednesday, though without access to some external scholarly databases. Bross briefed the HCC Board of Trustees Tuesday evening. He told WGLT the college has many departmental functions and even some support functions yet to go. Heartland also will accelerate existing plans to put some systems in the cloud rather than recreate existing structures, he said.
“We prioritized our student-facing functions first and then we are bringing our business services back, and I think we have a couple of weeks before we hit that 80% or 90% mark. I think it may take us a few more weeks or a couple months to get through all of the smaller systems,” said Bross.
He said the college has done security analyses as they bring services back. And with a fresh start, Bross said they are sometimes changing the look of things in the middle of "putting the world back together.” The restoration also includes better and more modern protections for users, Bross said.
HCC does not yet have a cost estimate for recovery from the attack. Bross said a lot is in human resources to recover the hardware, install firmware, install operating systems from scratch, and then restore data from backups.
The cost may eventually be substantial. A ransom note was left on a server at Illinois Valley Community College during an attack in April. The IVCC board earlier this month approved a contract for more than $250,000 with a firm that helps entities following cyberattacks.
With two community colleges attacked in Illinois within six months of each other, the question arises, what’s with community colleges and attacks? Bross says it’s more likely to be just that both are colleges.
“One of the struggles we have is we’re not a bank. We’re not other corporations that you might consider as variations of Fort Knox. Our job is to support students and support the community. We need to provide an open campus that students can get into and engage and do different programs and when you are trying to provide an environment that’s open like that, it adds to the complexity when we are trying to secure some systems, too,” said Bross.
Such attacks happen more than you might think, said Bross, adding there was a big increase nationally last year. Bross said he thinks the pandemic has created another surge of cyberattacks to take advantage of people working at home who may have vulnerabilities on their home computers.
“Prior to COVID, we always saw the biggest surges on holidays. We saw them on July 4, Christmas, on Thanksgiving, and the beginning of summer,” said Bross. “When people are distracted with other things, the cybercriminals are aware of that and they try to take advantage."
The FBI is among the law enforcement organizations investigating the HCC attack. The college also has hired a computer forensic investigative firm, according to a college spokesperson.
There’s no subscription fee to listen or read our stories. Everyone can access this essential public service thanks to community support. Donate now, and help fund your public media.