Closing of Lincoln College Show Real Life Impact of Ransomware

The scourge of ransomware is having an increasingly serious impact on real life. A spate of recent attacks is affecting people and institutions on a scale not previously seen. This week, for example, the nation of Costa Rica announced that its government has effectively been paralyzed by Russian ransomware. Yes, an entire country was shut down by a hacking gang. Then, the 157-year-old Lincoln College, which has served generations of black Americans, announced that it is closing its doors permanently due to the crippling effects of a ransomware attack.

For Lincoln College, named after Abraham Lincoln, which has survived crises over the years that include the Spanish flu epidemic of 1918, the Great Depression, two world wars and the 2008 financial crisis, ransomware was the problem that proved insurmountable. That should tell us something about how serious this threat is becoming to American society. The school was also dealing with the impact of the COVID pandemic, which contributed to their financial troubles.

Cybersecurity industry leaders have weighed in on the closure of Lincoln College. Tim Erlin, VP of strategy at Tripwire, remarked, “Responding to and recovering from ransomware played a significant role in Lincoln College’s demise. It cost them time, as well as money, to recover. In this case, time was equivalent to the opportunity to perhaps right their ship and save the institution. When you’re already struggling, losing access to operationally important systems for more than a month can easily become a death knell.”

Saryu Nayyar, CEO and Founder of Gurucul, put the issue in perspective, noting, “The impact of ransomware on relatively smaller organizations can be catastrophic. A 157-year-old institution already hampered by the impact of the pandemic having to shut down during a critical period due to ransomware is tragic. Ransomware has a much broader impact to business than simply the payment to restore services. There are plenty of other costs related to stolen and resold data, business availability and employee downtime that are virtually impossible to predict upfront but with no less impact.”

According to Nayyar, one lesson to be learned from Lincoln’s experience is that organizations need to invest in the latest threat detection, investigation and response tools that can empower even smaller teams to rapidly detect attack campaigns such as ransomware early in the kill chain. As she put it, “This requires advanced analytics and trained machine learning (ML) with out-of-the-box detection capabilities to automate manual tasks and accelerate security analyst or engineer efforts before data is stolen and/or encrypted as a precursor to ransomware detonation.”

This advice is sound, but it raises the question of how a small institution like Lincoln College can afford to implement such solutions and practices. Affordable managed security service provider (MSSP) offerings may be the answer. At a minimum, however, the Lincoln College episode shows how critical it will be for all businesses and non-profits to take the ransomware threat more seriously.