Northern Essex Community College remains shuttered after cyberattack
A Massachusetts community college has closed its doors for a second day after a cyberattack took down significant parts of its network.
Northern Essex Community College serves more than 6,000 students across Massachusetts and southern New Hampshire, with campuses in Haverhill and Lawrence.
A spokesperson for the school told The Record that they did not know if the attack was ransomware, and claimed they “do not have evidence of any personal data being compromised.” On Tuesday, the school confirmed it would not open for the day.
“The college will remain closed for business on Tuesday, March 7, 2023. We are still working through details and continuing to put protections in place. We are aiming to be operative by Wednesday, March 8, 2023,” the school said on a temporary website created after the cyberattack.
“All employees with a NECC laptop should cease using their laptops and are asked to bring their computers in as soon as possible and leave them in your office so that our IT team can install protection-clients and perform forensics.”
The statement adds that remote work will be suspended for the rest of the week due to issues with VPN access, but employees of the college will be required to come to their offices. Microsoft Office 365, Zoom and some web-based services are still functioning, the college said.
On Sunday, the college said it became aware of unauthorized access to its network on or around March 1 and later noticed that several systems were no longer working.
The college contacted law enforcement and cybersecurity experts to help with an investigation. They urged students and employees to regularly change passwords and said anyone whose information may have been accessed will be contacted with guidance.
The attack is the latest in a run of incidents affecting colleges across the U.S. The year started with Massacusets-based Bristol Community College informing students that it was struggling to recover from a damaging cyberattack in late December.
Since then, Emsisoft ransomware expert Brett Callow said at least 10 colleges have been hit with ransomware or cyberattacks, including last week’s attacks on colleges in Tennessee and Louisiana.
Callow noted that the number of reported ransomware incidents affecting post-secondary schools and K-12 school districts in the U.S. is slightly worse than in previous years, with 13 ransomware incidents reported by the end of February 2021 and 15 attacks by the end of February 2022.
“By the end of February this year, there were 19 incidents. The yearly numbers have remained very similar too, having remained within the range of 84 - 89 incidents per year since 2019,” Callow told The Record.
“It’s clear that we’re not getting a handle on ransomware in the education sector. In fact, the problem may even be getting worse.”
Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.