Following a ransomware attack, Lewis and Clark Community College will remain closed the week of November 29 through December 3 to "provide necessary recovery time for our IT systems," according to an update posted on Lewis and Clark's Facebook page.
The Lewis and Clark cyberattack apparently surfaced Tuesday, November 23, and campuses were closed starting on Wednesday, November 24. The public community college, based in Godfrey, Illinois, serves roughly 15,000 students annually, according to WikiPedia.
Lewis and Clark did not disclose whether it has hired a third-party cyber forensics firm or MSSP to investigate the alleged attack, and/or to assist the college's IT network recovery.
Tips to Protect Against Ransomware Attacks
To mitigate the risk of ransomware attacks, the FBI and CISA say MSSPs and MSPs should take these seven steps:
- require multi-factor authentication (MFA);
- implement network segmentation;
- scan for vulnerabilities and keep software updated;
- remove unnecessary applications and apply controls — and be sure to investigate any unauthorized software, particularly remote desktop or remote monitoring and management software;
- implement endpoint and detection response tools;
- limit access to resources over the network, especially by restricting RDP; and
- secure user accounts.
How MSPs and MSSPs Can Respond to and Recover From Ransomware Attacks
If a ransomware incident occurs, then the CISA, FBI and NSA recommend the following four actions:
- Follow the Ransomware Response Checklist on p. 11 of the CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
- Scan your backups. If possible, scan your backup data with an antivirus program to check that it is free of malware.
- Report incidents immediately to CISA at https://us-cert.cisa.gov/report, a local FBI Field Office, or U.S. Secret Service Field Office.
- Apply incident response best practices found in the joint Advisory, Technical Approaches to Uncovering and Remediating Malicious Activity, developed by CISA and the cybersecurity authorities of Australia, Canada, New Zealand, and the United Kingdom.