Windows servers were infected, as well as PCs connected to them, officials reported.
An encryption malware attack affected the Andrews University (AU) computer systems on May 14, 2020, according to officials of the Seventh-day Adventist school in Berrien Springs, Michigan, United States. In a May 18 letter to the educational community, leaders reported on the situation and shared the steps they are taking to respond to this attack.
What Happened
AU Chief Information Officer Lorena Bidwell said that a malicious individual attacked the Andrews University Windows systems in the early morning of Thursday, May 14, 2020. “The attack buried encryption malware in our core Windows infrastructure, infecting our Windows servers and any Windows PC that was connected to those servers,” Bidwell wrote. “The attack impacted most Windows servers, and any PCs that were turned on while physically on the campus were encrypted. Fortunately, this malware did not affect Linux servers, so, as a result, our Banner and Vault systems, Learning Hub, Zoom, Library, Gmail, web servers, campus network, internet access, and wifi all continue to function.”
What the School Is Doing
Bidwell reported that the primary infection mechanism was identified and that they were able to stop any further impact on AU systems by late morning on May 14. “Unfortunately, the servers and PCs that had their files encrypted will need to be rebuilt/restored to recover all the functions we depend on,” she wrote. “This will take place in phases by priority and will involve weeks before all systems will be fully restored.”
Officials acknowledged that, as of May 18, they could not give a specific timeline for getting the systems back to normal, but said they were doing everything they could to restore the affected equipment. “We will continue to move as quickly and carefully as we can,” Bidwell wrote.
A Word of Warning
Bidwell asked AU faculty, staff, and students to not use Windows-based computers on campus that have not been certified as “clean” by Information Technology Client Services staff. “Our staff are working intensely over the next few days to do this certification and will notify your chair or program/department director when the computers in your department have been scanned,” she said.
She also asked all users to treat their Outlook email client with great care, as this may be a source of recovery for some emails. Accordingly, Bidwell said, it would be best not to make any changes to Outlook configuration.
“Thank you so much for your patience and understanding as we work through the involved process of rebuilding our servers and PCs,” she said.