Cyber attack closes college  

By Gabriel Lucich

Managing Editor

It’s not often that the Oregon City Police Department, the State of Oregon, the Federal Bureau of Investigation, Department of Homeland Security and private business converge on an event that impacts the staff and students of Clackamas Community College. 

A cyber attack that began late Thursday night changed all that.

College information technology employees received emergency notifications about an intrusion into CCC’s network servers; it was the first of several attacks against the college network that continued into the early hours of Friday morning. The team responded quickly and began isolating the servers that were under attack. Support personnel swiftly determined that the attack originated from an IP address outside the country. SureFire, the college’s cybersecurity contractor, Homeland Security and the FBI were notified of the attack to provide additional support.

While the origin of the hack has been traced to a Russian IP address, and the infected servers are being examined, not all information about the breach is known as the investigation plays out.

On Monday, January 22, the college administration held a meeting on Zoom to share as much information as possible. While 300 people attended, many more are left in the dark due to communication issues caused by the hack.

“We do not know at this time what data was compromised,” said college President Tim Cook during the Zoom session.

The college activated its Incident Command System to deal with the emergency, creating committees of employees to work through the weekend and deal with different elements of the hack.

“Our first concern was, of course, the students,” said Dennis Marks, the Director of College Safety.

Many systems at the college have been affected. Campus WiFi is down, as is the voicemail system. Even the copy machines are on the hacked network and cannot be used. 

Moodle, the online learning platform used to teach remote classes, is hosted offsite, but because of its log-in protocol, anyone who has logged off cannot regain access.

“There are a number of issues we need to address,” said David Plotkin, vice president of Instruction and Student Services. “We want to have everyone able to access classes at the same time, equally. We’re looking at suggestions from academic leaders like chairs and instructional directors. We might have to change things to a rollout, but right now we’re looking at people starting at the same time.”

Other concerns revolved around financial aid disbursements for students, payroll for staff and health insurance benefits. The college administration said that it’s working hard to make sure that the aid is disbursed and that everyone gets paid, though access to CCC’s payroll system was lost. Offline solutions are being pursued.

Saby Waraich, the head of IT for the college, said that some systems may come online temporarily during the reset, but that it’s important to leave those systems alone until the IT department gives everyone the green light. After that, having users reset all their passwords is the next step. 

“We think it’s a ransomware attack,” said Waraich. 

According to the Cybersecurity and Infrastructure Security Agency, ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption.

The college has been aware of the cyber risks it faces; nearly two years ago, Waraich said the college needed to put millions of dollars into information technology to combat threats.

The campus is currently open, but online and in-person classes won’t be held until at least Wednesday, Jan. 24. According to Dennis Marks, director of college safety, a return to classes on Wednesday is an “aspiration, not a guarantee.”

Student services are available in person on the Oregon City, Wilsonville, and Harmony campuses from 9 a.m. to 4 p.m. 

Cook’s closing comments were carefully measured: “We just don’t know how long it’s going to take to get everything back to normal.”

The college has set up a secondary website to share all updates about this ongoing issue.

www.ccc-updates.com

This is a developing story.


2 Comments

  1. Morgan Chase, instructor on January 23, 2024 at 9:04 am

    Thank you for this. The alerts have been vague and I didn’t know about the Zoom meeting because I can’t access my CCC email.



    • Gabriel Lucich on January 23, 2024 at 10:01 am

      As a college news outlet, we have to be cautious with what we publish when the situation and investigation are evolving so rapidly. We would regret releasing any information that would be to the detriment of the case. The Print will endeavor to keep all readers as informed as possible during the aftermath of the data breach.


