In the course of its 157-year history, Lincoln College—a small, historically Black college in Illinois—weathered multiple recessions, the 1918 influenza pandemic, and two world wars. But the dual scourges of the COVID-19 pandemic and a devastating ransomware attack have proven insurmountable for Lincoln, forcing the college to close at the end of this week.
According to a statement announcing the closure, the college was grappling with serious enrollment and financial challenges stemming from the COVID-19 pandemic when it fell victim to a ransomware attack in December 2021. The attack crippled systems Lincoln relied on for recruitment, admissions, retention, and fundraising and impaired access to all of the college's institutional data. Lincoln chose to pay the ransom, but by the time its systems were fully restored in March 2022, projections about the college's financial position had grown dire. When no transformational donation or partnership materialized to sustain the college's operations beyond the current semester, the board of trustees voted to cease academic programming.
Lincoln is one of many educational institutions targeted by cybercriminals in recent years. According to an analysis by Emsisoft, 1,043 schools were impacted by ransomware attacks in 2021, including 26 colleges and universities. A 2021 survey by Sophos found that 44% of schools experienced a ransomware attack in the previous year, with another 33% reporting that they expected to be hit by ransomware in the future. And because such attacks have proved lucrative for cybercriminals—indeed, many higher-education systems have demonstrated a willingness to pay large ransoms to free their data—the trend is not likely to abate.
Such cyberattacks can pose an existential threat to colleges and universities. The Sophos report found that the total average bill for an educational institution recovering from a ransomware attack was $2.73 million—the highest across all sectors surveyed. The ransom (for those institutions that pay it) is a small portion of that bill, with downtime, device, network costs, and other expenses accounting for the larger share. And as Lincoln's experience demonstrates, a ransomware attack can hobble key operations and hamstring a college's ability to address other critical challenges.
Colleges and universities can and should reduce the risk of a ransomware attack by enhancing their security precautions. But even the most sophisticated systems are not immune to cyberattacks, so response and recovery planning should be part of a school's preparations as well. Preparing now for the possibility of a ransomware attack is essential to helping a school get back up and running faster if it is targeted in the future.