July 4, 2019 630 PM
ALPINE – Sul Ross State University continues to feel the effects of a ransomware attack that took down the school’s computer network the night of June 21. The Office of Information Technology (OIT) at SRSU has been able to restore phone lines, the online education portal Blackboard and payroll but reported, “Campus email will remain unavailable until further notice,” for faculty, staff and students.
In the wake of the attack, students at the school’s four campuses in Alpine, Uvalde, Eagle Pass and Del Rio experienced brief disruptions of their on-campus and online summer courses. The OIT is working with the Texas Department of Information Resources (DIR), Multi State Information Sharing and Analysis Center (MS-ISAC) and Core Recon out of Houston to investigate the attack and fully restore operations.
“By the time we discovered that we were experiencing a ransomware attack, we immediately started blocking access to the network,” said Sul Ross President Bill Kibler. “The staff at OIT jumped right into action to take steps to protect the university.”
Kibler said one of the first calls to action was to ensure that mission-critical functions of the university were in full operation.
“First and foremost, our primary mission is to provide an education,” he said. “So, we needed to make certain that students had access to classes, specifically, Blackboard.”
Ransomware is a software that infiltrates a computer network, studies its functions, and strikes a weak point taking down the system and requesting money in exchange for restoring the network. Malware is injected into the network “when an unsuspecting user clicks onto an email link,” according to SRSU’s Chief Information Officer David Gibson.
The virus entered the SRSU’s network in March, but it remained undetected and able to study the system’s weaknesses for months. The ransomware did not strike until 11:50pm on June 21, when a remote server ordered the ransomware to encrypt all campus servers rendering them useless. It is not known who was behind the attack, according to Travis Hendryx, who officially steps into his role at the Office of Public Relations on Monday.
Hendryx emphasized that the university’s ability to restore all functions without paying the ransom is because of a substantial backup server the school maintains.
Gibson said the goal of ransomware hackers is not to harvest or steal information but to commit a “cyber” kidnapping and demand payment for the return of what was encrypted.
“Although this has been painful for everyone in the university community with the temporary loss of services, the bottom line is we have very good backups.” said Gibson. “We will be able to recover everything.”
Gibson added the particular ransomware that struck Sul Ross is not unique to the university.
“I hate to use the word ‘normal’ but this is how the world is today,” he said.
