Ransomware attack caused ongoing Napa Valley College internet and phone system outage | Local News
The Napa Valley College website and network systems were knocked offline as the result of a ransomware attack roughly two weeks ago, a spokesperson for the school has confirmed.
Napavalley.edu was still dark as of Saturday afternoon , as NVC continued an investigation that began shortly after the site vanished from the internet on or before June 10. Attempts to visit the site have resulted in the message “this site can’t be reached” or a redirect to GoDaddy.com, a company that registers internet domain names.
As a result of the attack, some of the college’s network systems were “maliciously locked up” while others were taken offline by the college to mitigate the impact of the attack, according to Napa Valley College spokesperson Holly Dawson. Robert Frost, NVC’s interim superintendent/president, said in a statement that the school is approaching full recovery from the attack, but isn’t completely there yet.
Frost added that the school is in the process of notifying all employees and current students about the attack and has arranged for complimentary credit monitoring and identity protection services for 12 months.
“As soon as we became aware of the cyberattack, we commenced an investigation and have been working with state and federal law enforcement and third-party cybersecurity and forensic experts to investigate the incident, assess the potential impact, and bring all our systems and services back online,” Frost said. “… We want to assure our students and the Napa Valley College community that we place a high value on maintaining the integrity and security of the data we hold in our systems.”
According to assistant superintendent Jim Reeves, the school’s IT team and forensic experts worked “around the clock” to restore and monitor the safety of all NVC systems before the school started bringing services back online. He said in a statement NVC has historically underinvested in its information technology systems, but efforts were underway to improve them prior to the attack, and the school is carrying out extra efforts to improve those systems further.
Daniel Vega, who was named NVC interim IT director the day before the attack began, said in a statement the school’s board of trustees had updated its annual goals at a February meeting to make institutional technology a priority. He noted that most of the school’s systems were backed up, which means that ultimately “very little will be lost or compromised.”
“This wasn’t how I expected to spend my first day in my new position,” Vega said in the statement. “But leadership moved quickly to address the situation and provide the support we needed.”
Dawson, responding to an inquiry from the Napa Valley Register, confirmed on June 17 that the outage resulted from a cyberattack on the college’s computer systems. But later that day, college officials declined to share further details of the outage, citing their investigation.
The intrusion has blocked internet users from viewing most parts of the NVC website, although a section hosting meeting agendas for the board of trustees has remained live. Some computer systems were locked up by the intrusion, and NVC’s information technology department locked down others as a precaution, Dawson said last week.
The attack also disabled NVC’s on-campus telephones and employee email accounts, leaving social media and a separate website for the athletic department as the college’s only ways to communicate with a mass audience.
NVC officials first announced the disruption to online and phone services June 10 on the school social media accounts, describing it as a “technical issue which has disrupted access to our website and Self Service.” A week later, the school said it was working with the U.S. Secret Service and Homeland Security department to look into the incident.
Professors and staff regained their email access June 16, but campus phones remained unreachable over that weekend, with a Register reporter failing to connect with about 15 different numbers in various departments. (Student email and the phones for NVC’s campus police force have not been affected.)
Renewed attempts to dial various NVC numbers late Wednesday resulted in some phones disconnecting, while others rang seven times but disconnected without connecting to voicemail.
NVC has said it would continue teaching summer-session classes both in person and remotely despite the disruption, using an online platform that includes email and communication with professors.
The outage disrupted registrations for NVC’s fall semester, and school officials notified four-year colleges in California where graduating NVC students may be transferring, according to Dawson.
While NVC’s main website remains down, school officials continue to post updates on the outage on the college’s athletics website, which is hosted on a different server. The site, nvcstorm.com/general/NVC_IMPORTANT-NOTICE, includes phone numbers for NVC’s counseling, financial aid, health, police and business departments, and NVC this week hosted online Zoom conferences to discuss enrollment and financial aid issues.
Jessica Erickson, NVC dean of enrollment and outreach services, said in a statement that the school’s primary focus during the investigation has been supporting students taking summer classes and those registering for fall. She noted that the school has provided a form for student inquires on the NVC athletics website, has hosted Zoom Q&A sessions, arranged to expedite orders for transcripts and extended the application deadline for its nursing program.
Counselors are also still meeting with students online, and the school’s welcome center, financial aid office and other officers are open to help students in person, according to Erickson.
“Napa Valley College never canceled classes and students never lost access to email or the student portal Canvas,” Erickson said.
Dawson noted that several other community colleges have suffered similar attacks in the past year. Frost said in the statement he isn’t anticipating a drop off in fall registrations as a result of the attack.
“Our data suggests that we are on track to maintain enrollment numbers,” Frost said. “We didn’t miss a day, never shut down classes. It may not have been business as usual, but we did our best to make it as smooth as possible for our students and employees.”
You can reach Edward Booth at 707-256-2213.