Claremont McKenna College was hit with the first stage of a ransomware attack on Oct. 30.
According to CMC spokesperson Gilien Silsby, the college became aware of the intrusion early Saturday afternoon. The attack progressed to the first stage of the cyberattack life cycle, out of seven potential stages, before students were warned.
The attack consisted of “a known ransomware command and control server … scanning CMC’s network,” Silsby said in an email to TSL.
“Saturday’s event did not go past the first stage of reconnaissance because CMC’s firewall blocked the scan,” she said.
In response to the suspicious scan, the CMC IT team embarked on discovery processes as well as defensive activities as a precautionary measure.
“The discovery process involved review of SOC [security operations center] data and analysis of targeted systems,” Silsby said, adding that this defense included temporarily disconnecting those targeted systems from the CMC network.
After about two hours, the IT team found that all efforts at connection by the ransomware had been blocked.
“At no time was CMC’s network, systems or student computers in danger of being infected with ransomware,” Silsby said.
CMC students received emails around 2:00 p.m. Saturday alerting them to the attack, which at that time was still underway.
“Please be very careful about the links, websites, emails, etc. that you click and visit,” an email to students sent by the resident tech assistants of Crown Hall advised.
Another email sent later in the hour provided a little more detail. The RTAs advised students to store any critical data they did not want to lose from their computers onto Box, the storage platform used by the 5Cs, and instructed students to unplug any Ethernet cables. The email additionally reminded students to be wary of links received through social media.
By 3:55 p.m., Crown Hall residents received a third email which alerted them that the attack was over. “There is no risk to your machines and you can now reconnect to the network,” students were told.