top of page

The Rising Tide of Ransomware: William Jewell College's Battle with LockBit 3.0

Read Time:

6-8 Minutes

About the Case Study

This case study, titled "The Rising Tide of Ransomware: William Jewell College's Battle with LockBit 3.0," examines the significant cyber attack that targeted William Jewell College during move-in week in August 2023. It details the impact of the LockBit 3.0 ransomware attack, which disrupted college operations and compromised sensitive personal identifiable information of over 4,000 individuals. The study highlights the college's proactive response, including collaboration with cybersecurity experts and ongoing efforts to enhance its IT infrastructure. Ultimately, it underscores the critical need for robust cybersecurity measures in educational institutions to safeguard against the increasing threat of ransomware.

Introduction

In August 2023, William Jewell College (WJC), a respected liberal arts institution in Liberty, Missouri, became the target of a significant cyber attack by the LockBit 3.0 ransomware group during the crucial move-in week for new students. This incident not only disrupted the college's operations but also led to a serious data breach that exposed sensitive personal identifiable information (PII) of over 4,000 individuals. This case study examines the college's response to the attack, the ongoing investigation into the data breach, and the importance of strengthening cybersecurity measures in higher education.


Background

Founded in 1849, William Jewell College offers a diverse range of over 50 majors and programs, with a commitment to academic excellence. Competing in Division II of the NCAA as the Cardinals, WJC has a vibrant campus community, employing more than 200 individuals and supporting 24 intercollegiate athletic teams. However, the college found itself grappling with modern cybersecurity threats that jeopardized its operational integrity.


The Cyber Attack

On August 18, 2023, WJC discovered it had been targeted in a cyber attack that disrupted its network and systems. In an interview, Heath Hase, Chief Information Officer, emphasized the swift actions taken by the Department of Information Technology to secure the systems and investigate the breach. Hase noted that educational institutions have increasingly become targets for cybercriminals, particularly at the start of the academic year when operational disruptions can have a significant impact.


LockBit 3.0 is a sophisticated strain of ransomware known for its speed and efficiency in infiltrating networks. It operates under a Ransomware-as-a-Service (RaaS) model, where the creators offer the malware to other cybercriminals for a share of the ransom profits. Once it gains access to a system, LockBit 3.0 encrypts files, making them inaccessible until a ransom is paid, often demanding payment in cryptocurrencies to maintain anonymity. The group is notorious for its targeted attacks on organizations, including educational institutions, where operational disruption can yield higher ransom amounts due to the critical nature of their services.


The attack not only caused immediate operational disruptions but also led to a data breach in which sensitive personal information may have been accessed. On January 29, 2024, WJC began notifying individuals whose data may have been compromised, including names and Social Security numbers, highlighting the gravity of the situation.


Impact of the Attack

The cyber attack and subsequent data breach had profound implications for William Jewell College:

  • Operational Disruption: The attack affected the college’s ability to function effectively during a critical time for new student arrivals and other essential operations.

  • Data Security Concerns: The exposure of personal identifiable information raised serious concerns about the security of student and employee data, prompting a need for transparency and trust-building within the community.

  • Reputation at Stake: As news of the attack spread, it underscored the vulnerability of educational institutions to cyber threats and highlighted the need for robust cybersecurity measures.


Response and Recovery In response to the attack and data breach, William Jewell College took several decisive actions:

  • Collaboration with Cybersecurity Experts: The college partnered with third-party specialists to investigate the nature of the attack and to implement effective recovery measures.

  • Transparent Communication: Hase addressed the community's concerns by providing clear and transparent information about the attack and the steps being taken to mitigate its impact.

  • Infrastructure Improvements: In conjunction with the investigation, WJC had already initiated a substantial IT infrastructure project aimed at upgrading its network capabilities. This project included the installation of new network cabling and access points to bolster the college’s cybersecurity posture moving forward.


Conclusion

The cyber attack by LockBit 3.0 on William Jewell College serves as a stark reminder of the vulnerabilities faced by educational institutions in an increasingly digital world. The exposure of sensitive data alongside operational disruptions underscores the critical need for robust cybersecurity measures in higher education. WJC's proactive response and commitment to transparency highlight the importance of safeguarding institutional integrity and protecting the community's trust.


Call to Action

As educational institutions confront the realities of cyber threats, it is imperative to prioritize the development of comprehensive cybersecurity strategies. By investing in advanced solutions and fostering a culture of awareness around cyber risks, colleges can better protect their operations and legacies. The experience of William Jewell College should inspire other institutions to evaluate their cybersecurity protocols and take proactive steps to safeguard their communities and futures.

Next Steps

Hilltop Technologies is a forward-thinking cybersecurity firm dedicated to providing innovative and affordable security solutions for educational institutions and small to mid-sized businesses. Their flagship product, Volt, is an advanced Endpoint Detection and Response (EDR) solution designed to protect organizations from evolving cyber threats. Volt offers real-time monitoring, threat detection, and rapid response capabilities, enabling institutions to safeguard sensitive data and ensure operational resilience. With a commitment to empowering the next generation of cybersecurity professionals, Hilltop Technologies combines cutting-edge technology with a focus on client education and support, making it an ideal partner for those seeking to enhance their cybersecurity posture.


bottom of page