Northwest Indian College suffered major file loss in Ryuk ransomware incident
Northwest Indian College describes itself as the only accredited tribal college serving the states of Washington, Oregon, and Idaho. This month, they joined the ranks of colleges hit by ransomware. As seen on their website, this July 11th notice:
This week, the Northwest Indian College (NWIC) has been facing a cyberattack identified as the Ryuk ransomware virus. The outbreak has corrupted many internal files on our systems, including backups and legacy data.
The College has contacted the appropriate authorities to determine next steps.
While the College is still open regular business hours, services will be limited. Face-to-face classes will still run. Video conferencing hybrid classes will be down temporarily.
NWIC staff is diligently working to secure the network, and apologizes for any inconvenience this may have caused. The College urges others in the community to take extra precautions to secure and back up their networks, with a heavy emphasis on offsite or cloud backups of critical systems and data.
NWIC has not responded to emails sent over the past three days asking them what the ransom amount was (if ransom was demanded) and what the college’s thinking was about paying any demanded ransom. NWIC appears to know that files are irretrievably lost or corrupted beyond repair. Was there an option to pay that the college declined to use? We know that even when entities pay ransom, all files may not be recoverable, and Ryuk seems to be one of the more dangerous/damaging forms of ransomware, but it would be helpful to know what advice the college got, and from whom, in making any decisions.