Most Three Rivers College students will remain out of class for the rest of the week as the college continues to recover from a ransomware attack.
Dr. Wesley Payne, president, said Monday evening that all classes besides nursing and allied health — which have continued to meet throughout the incident — would not resume until after spring break.
Students were scheduled to be out for spring break starting March 9-13.
Payne said Friday the college continues to work with third-party computer security specialists, the college’s insurance company and peers to fully evaluate all systems, perform forensics on those systems and restore the systems to operating status.
“We are in the early stages of this process and will thoroughly examine our systems before bringing them back online,” he said. “At this point, it is too early to determine how long full system restoration will take.”
Ransomware is a form of cyberattack that encrypts files on a computer system until a ransom is paid. Payne said he’s pleased to report there is “no evidence that data was stolen or misused.”
Employees returned to work Monday to discuss the situation and work toward the resumption of all classes as soon as possible. Regardless of how long students may be out of class, Payne said, the end of term will not be pushed back.
“When classes resume, the college will work with students on assignments, due dates and exams so that no student is negatively impacted as a result of this event,” Payne said.
The college detected the cyberattack Tuesday morning and began the process of isolating the problem based on the college IT emergency plan, Payne said.
The chief technology officer informed employees they needed to shut down their computers and asked college leadership to help ensure compliance in their areas. The external locations were contacted as well, Payne said.
“Services were shut down except the college email system and text messaging systems, which were not directly impacted,” he said.
As part of the emergency plan, the college previously bought an insurance policy to assist in the case of a cyberattack.
The insurance company helped arrange a national, third-party computer security company to work with the college IT response team. Payne said the insurance is covering the recovery and forensic efforts of the investigation.
“We also met with the college director of public safety, who notified the Southeast Missouri Cyber Crimes Unit. In response, both the FBI and the Secret Service’s Cyber Crime units were notified,” Payne said.
Through the investigation, these specialists determined the college was a victim of the RYUK strain of ransomware. Forbes magazine reported that particular strand appears to come from Russia or former satellite states, Payne said.
“Unfortunately, the attack has encrypted a significant portion of our files and made it necessary to suspend some computer services,” Payne said. “While the college is a victim of a cybersecurity attack, we have worked diligently and will continue to work diligently to protect our systems against attack.
“As part of our defensive strategy, the college had numerous security measures in place prior to the attack. Despite these efforts, malware can still penetrate a system in a variety of ways. Unfortunately, it is impossible to thwart sophisticated cyberattacks 100% of the time.”
Payne said the recovery process of this attack will take some time.
“Because ransomware has become much more sophisticated and the security of our systems is a high priority, we are working very cautiously in order to ensure we have properly identified every impacted system to safely and securely restore them,” Payne said. “Due to the extremely large quantities of data and the complexities of our systems, this is a slow process.”