Date: 2020-12-04
When GTCC got hit with a ransomware attack back in September, it seemed pretty serious. The community college closed all of its campuses for a day, and some in-person classes didn't meet on campus until a week after the attack. But the scope of the attack wasn't immediately clear.
There was a little more clarity in October, when a website that reports on cyberattacks found a GTCC file on the dark web that contained pretty detailed personal identification of more than 43,000 students.
And when I reported in November that GTCC had set up a hotline to field calls from potential victims of this cyberattack, the college declined to say how many notification letters it sent out to current and former students and employees whose personal information had been compromised.
I got an answer to that question this week. GTCC President Anthony Clarke said at Thursday's Board of Trustees meeting that the college has sent out 72,000 letters so far. GTCC plans to send out more at a later date, Clarke said, because the college is still conducting what he called "data mining efforts," which I took to mean that investigators are still trying to figure out exactly which files the hackers got hold of and what sort of information they contain.
GTCC, with the help of another N.C. community college, continues to restore affected computers and printers. "We're recovering from the incident," Clarke told trustees.
The GTCC letters, by the way, notified potential victims of the cyberattack as required by state law and offered two years of free credit monitoring and ID restoration services. If you're currently or formerly affiliated with GTCC and didn't hear from the college, click here to learn how to reach the call center that's fielding questions about the cyberattack.
Cyberattacks like the one that hit GTCC are pretty common these days. According to the state's most recent annual report on data breaches, the N.C. Department of Justice was formally notified of 1,210 incidents in 2019, a rate of about three per day, that affected nearly 1.1 million North Carolinians, or roughly 10 percent of all state residents. The number of reported incidents has climbed each year since 2010.
Slightly more than half of all cyber incidents were hacking and unauthorized access, as in the GTCC incident, according to the state report. No. 2 is phishing, which is a phone call, text message or email that tricks someone into giving up computer passwords or credit card information.
The report said only 88 data breaches happened at educational institutions. Three other sectors — general business, financial services and insurance, and healthcare — reported more cyberattacks to the state justice department. (General business represented nearly half of all attacks; those three sectors together were 85 percent of the incidents.)
This story, published this week by the website Decipher, which covers cybersecurity news, is about what it calls the calculus of ransomware, the type of attack that GTCC sustained. Here's a key takeaway that might help explain why GTCC was a target:
"For several years, ransomware actors focused their attention on individual victims, using large malicious spam campaigns that deployed automated malware to encrypt victims’ files. The ransom demands were typically pretty small, often in the low hundreds of dollars, and the attackers depended on high volumes of successful infections and payments to keep them afloat. That model proved relatively successful, but a few years ago some groups began to shift their targeting to enterprises and state and local government entities, surmising correctly that there was much more money to be made with big game hunting. Those groups found that if they hit the right organization, victims were willing to pay hundreds of thousands or even millions of dollars in order to get their networks back up and running.
"It didn’t take long for the other ransomware groups to take notice and get on the bandwagon, and the last year has seen a major spike in ransomware incidents at organizations across industries, including a rash of attacks on hospitals and health care providers as the pandemic accelerated in the summer and fall. Many of those incidents have ended with payments that make the ransoms from just a year or two ago look laughably small."
The website reports that ransomware demands that once were a few hundred dollars are now reaching into the six- and seven-figure range. GTCC said it did not pay a ransom.
In North Carolina, it might soon be illegal for state agencies to pay off cyberattackers. The Decipher story includes comments from Maria Thompson, the chief risk officer with the N.C. Department of Information Technology, who said state lawmakers are working on a bill that would forbid paying ransoms.
Go read the whole thing. And if you want a steady drip-drip of news on cyberattacks, the ever valuable databreaches.net has you covered. The website reports that this week's victims of ransomware attacks include Kmart, a voter registration database (but not election results) in Alaska and a regional wastewater treatment operation in Virginia. This stuff is never-ending.
Staff writer John Newsom covers higher education for the News & Record of Greensboro and the Winston-Salem Journal.
Have something to say about this blog post? Email him at john.newsom@greensboro.com. You can also follow him on Twitter at @JohnNewsomNR.
Support his coverage of higher education. Click here and here to learn about digital subscriptions to the News & Record and the Journal.