COLLEGE PLACE — More than six weeks after Walla Walla University’s internal network and phone lines were taken down by a cyber attack, school officials report all central services are back online.
Not all systems are fully functional, however.
Aaron Nakamura, WWU’s director of marketing and university relations, said on Monday full restoration is going to take more time.
The school’s information technology team continues to work on restoring services, such as identification card printing and some parts of the campus phone system, Nakamura said.
“The team expects to be working throughout the rest of this month to restore many of the university’s automated processes,” he said. “For some cases, we are working with contractors to fully restore such processes.”
The attack, characterized by school officials as a ransomware incident, came just as students were beginning review for class finals in December.
As its name suggests, a ransomware attack involves criminals blocking access to computer systems until money is paid. WWU officials have not confirmed details about a ransom.
According to the school’s newspaper, The Collegian, WWU officials sent out an alert at 6:45 a.m. on Dec. 9, notifying students the university’s phone systems were down.
At 8:36 a.m., a message from administration told students of the ransomware hack.
The alerts advised students not to log in to desktop or classroom computers and to unplug those from school networks.
Messages to staff noted login information had been compromised and passwords were no longer operational.
By mid-morning the university had launched an investigation and response effort, with the assistance of a leading cybersecurity and forensic firm, which the college has not named.
“WWU immediately worked to isolate affected systems and services to contain the incident,” Nakamura wrote in an email this week.
Officials said the incident did not affect personal devices.
The internal network system was partially restored over the next several days. Teachers were able to post grades by Dec. 20, The Collegian reported.
Since the incident, the technology team has rebuilt the university’s core network infrastructure and implemented processes to maintain data access. Updated security measures were added; systems and services are now actively monitored by a third-party security team.
Nakamura said that moving forward, users of the school’s network and computers will notice enhanced security tools that include longer passwords, new wireless networks with updated security configurations and other measures for desktop computers at the school.
“The university expects to fully recover from the incident,” he said.
Nakamura did not respond to questions about any involvement of law enforcement agencies in the incident.