On the morning of Friday, Jan. 29, Baldwin Wallace University was the target of an attempted cybercrime. While not all information could be disclosed, it is suspected that the attack was the result of a phishing email that granted access to certain parts of the school’s network. The intention of the attackers was to seize certain information from employee systems to hold for a ransom.

The attack was caught early on and BW personnel were able to keep the attackers from completing their task, but recovering the network and strengthening security to prevent future attacks kept the entire BW network and internet system down from Jan. 29 to Feb. 1.

“The morning the attack happened, we had one of our Helpdesk personnel notice that things (on the network) were out of sorts and not running in an optimal situation,” said Greg Flanik, chief information officer at the BW Information Technology department. As the department further investigated the disturbance, they realized that it was not a network issue but an outside party attempting to gain access to the network.

“They were attempting to do a ransomware attack,” said Flanik. “When installed on the system, it locks all of the files so when you boot up your computer all of your data and programs are locked.” He explained that oftentimes, this kind of attack is accompanied by a note with contact information, a promise to unlock a certain number of files as proof that they are able to decrypt them, and a ransom amount.

“In this case, they were setting up the attack. I believe there were two employees who had their computers completely ransomed. We were left with that Friday morning and we just kind of knew that it would be a long day.” The typical time it takes for a school to recover from an attack like this is two to four weeks. In March 2020, Otterbein University in Westerville, Ohio experienced a similar attack. Their networks were hit shortly after making a switch to all online classes due to the COVID-19 pandemic. Their networks were down for about 3 weeks.

“Unfortunately, it was our turn,” said Flanik. He acknowledged that BW was lucky to be able to get the network back up and running over a single weekend. “We spent all day and all evening Friday, Saturday, and Sunday attempting to recover critical components and testing them to make sure the back-ups weren’t affected.”

The hope of the IT department was to get things up and running in time to hold classes on Tuesday morning, but it wasn’t looking realistic on Monday night. “It was one of those things where were just so close and if we could just have 30 more minutes, we’re there. And then 9:30 p.m. came and we asked for another 30 minutes. Unfortunately, when it came to 10 p.m., we just had one missing piece and we weren’t sure that we were going to get it.”

It was around that time that the IT department was about to pull the plug on classes for Tuesday morning, but the second the call to cancel classes was made, the final pieces to bring everything back up were put into place. The following week was spent slowly bringing the remaining network programs online. “It wasn’t that we weren’t able to get them back up quick as much as we needed to get the right security measures in place. We have worked with an outside firm that understands these incidents and can give guidance.”

While the department managed to get the network up in about four days, two days of classes were still missed. With many classes run primarily online, having any amount of a network outage can take a toll.

“The cyberattack caused my Monday night class to be canceled, which set us behind in course work,” said Digital Media and Design Professor, Sara Wichtendahl. “I had to extend deadlines and due dates, which is causing some overlaps in work due to trying to keep the class on target.”

Despite the setbacks, Wichtendahl said that the situation was handled the best that it could have been. “I believe BW did a great job keeping staff informed of the situation as it unfolded. I know this was a very stressful time for the administration and they kept the staff and students updated. I think IT really pulled a miracle on getting us up and running as fast as they did and they should be commended for all their hard work,” said Wichtendahl.