University of Michigan severs ties to internet after cyberattack

The University of Michigan announced that it has severed its ties to the internet and cut off access to some systems after experiencing a cyberattack that began on Sunday.

In a message to the school’s more than 51,000 students on Monday, the school’s chief information officer Ravi Pendse said that the university on Sunday “made the intentional decision to sever our ties to the internet” after “careful evaluation of a significant security concern.”

“We recognize that cutting off online services to our campus community on the eve of a new academic year is stressful and a major inconvenience. We sincerely apologize for the disruption this has caused,” Pendse said, noting that federal law enforcement agencies are now involved in the incident.

“We took this action to provide our information technology teams the space required to address the issue in the safest possible manner. The team is working around the clock and already has restored access to some systems.”

Pendse warned that it may be “several days” before online services return but he noted that the outages are affecting some parts of the university more than others. No patient care at Michigan Medicine was disrupted by the cyberattack and classes are continuing, for example.

The school will continue to communicate with students through social media. The attack comes at a particularly inopportune time as the school year begins and new students typically turn to the campus website for information on class locations and more.

The university said it will waive late registration or disenrollment fees until the end of the month, which is in a few days. Financial aid funds may be delayed due to the outage but several other campus systems are still operating using off-campus and cellular networks.

The school did not respond to requests for comment about whether it was a ransomware attack, but school president Santa J. Ono apologized for the incident on Tuesday.

“The loss of internet access and other business functions across the University of Michigan community cast an unfortunate cloud over an otherwise sunny and glorious start to the academic year,” he said.

“Our Information and Technology Services teams, working together with leading cybersecurity service providers, are working tirelessly to resolve this disruption and I want to personally thank them for their dedication to this critical effort. Already they have restored an impressive array of online tools that are accessible and functional through off-campus internet connections. The investigative work into the security issue continues.”

He added that more information about the incident cannot be shared because it “might compromise the investigation.”

Issues began on Sunday, when the school reported issues with internet connectivity at around 1:45pm local time. University staff pledged to restore access as quickly as possible before realizing the scope of the incident.

Ransomware gangs have made a point of targeting K-12 schools, colleges and universities at the beginning and end of the school year, hoping the need for internet access will pressure schools into paying ransoms.

Several community colleges across Michigan were attacked earlier this year in advance of final exams and already, K-12 schools in Tennessee and Maryland have faced ransomware incidents.