An investigation into the Sept. 3 Howard University ransomware cyber attack continues though classes on campus have resumed. The school’s IT team is working to harden security within their operations and has hired a team of professionals to address the challenges of the ransomware attack, according to an email from the Office of University Communications.
Howard’s attack comes as the U.S. education sector saw a 15 percent increase in cyberattacks in July compared with the first half of 2021, according to CheckPoint Research.
Richard Forno, assistant director of University of Maryland Baltimore County’s Center for Cybersecurity, has 20 years of experience in the field. Forno said attacks against schools are going to rise because of the way they operate. “There is a different mindset about openness, being able to access different servers and systems,” he said.
Forno said cyberattacks might not be preventable but the impact can be minimized if the school engages in better cyber security and IT management.
On campus, some students are frustrated with how Howard is handling the aftermath of the attack, which caused classes to be canceled for two days. “Teachers, they do not have access to Blackboard but they still expect us to submit assignments but they can’t grade them so it’s kind of frustrating,” Howard sophomore Ciara Harthorn said.
Jasminemarie Mack, also a sophomore, expressed a desire for more flexibility, especially when it comes to dropping a class and due dates on student assignments. “They should be considerate of the students,” Mack said, noting that following the ransomware attack, students have been able to drop classes but it’s marked by the university as a withdrawal.
The FBI is investigating the ransomware attack but did not provide further comment as the investigation is still ongoing. Howard University campus police also did not provide an official statement as it is not investigating the cyber attack.
“To be honest law enforcement, the police, there is not much that they can do, they are really in a reactive mode, they are thereafter the crime has been committed,” Forno, the cybersecurity expert, said.
He said lawmakers need to make cyber attacks more challenging and less profitable to implement.
“Cyberattacks, unfortunately, are a part of modern living,” according to Forno, and there is no easy solution. Forno said students can play a part in preventing future attacks by using strong passwords and not sharing passwords. He said students should also be patient as the IT team works to restore the system.
With the increase of cyber attacks, some schools choose to pay the ransom. (There is no information on whether Howard University paid the ransom that had been demanded in its attack.)
But Forno said he does not encourage a university to pay ransoms as the attackers then see the university as an even easier target — and there is no guarantee that the attackers will stop.
“You might pay a ransom to one criminal group and get a password but then a week later, you are reinfected again with another ransomware attack,” Forno said.
It is not known whether Howard University faced another cyber attack after the first on Sept. 3.