Students and faculty at Carleton received a notice on Nov. 29 that the university had been hacked by a ransomware attack, demanding payment in bitcoins—a form of digital currency—if the school wanted to regain access to its files.
The university has still not identified the source of the attack, according to Carleton’s media relations officer Steven Reid.
Public announcements were issued in the MacOdrum Library, warning users that the school’s printers and computers were down, and to stay off the university’s public Wi-Fi until the issue was resolved. The university also warned the community to stay off their Carleton web accounts.
The Information Technology (IT) department at Carleton said in a post on their website that they had detected an attempt to infiltrate the IT network early Tuesday morning.
The warning added that any computers with a Windows-based system connected to the main network, such as the Wi-Fi, could be at risk. The university warned users they might receive a notification on their laptop requesting payment in bitcoin in return for their files, and that they ignore and report these messages.
According to Reid, ransomware is “a malicious software that encrypts files and demands payment in exchange for restoring access to those files.”
Reid said in an email that the restoration of files and the IT network was led by the department of Computing and Communication Services (CCS).
He said that while Carleton has appropriate security measures in place, they are continuously looking for ways to improve their IT security.
“As part of this due diligence, for example, staff, students and faculty were recently asked to change their passwords,” Reid said.
This week, students were sent an email asking them to change the password to their MyCarletonOne accounts. A representative from CCS said that the hack is no longer a threat, but because Carleton accounts are all linked, the email was sent as a precautionary measure.
Apollinaire Tsopmo, an associate professor in Carleton’s food science and nutrition program, said he is still unable to access many of his personal files, including student reports and research data. Although the university updated his operating system, which he can now access, he said his files are still missing.
Tsopmo said this is the first time he encounters a security breach and that he’s very concerned. While he hasn’t lost faith in Carleton’s security, he said he will “only if I cannot recover my files.”
Sara Schoenherr, a second-year political science student, said her experience was less severe. She had plans to print off a film review at the library, but was unable to access the printer.
But she said her professor gave an extension to any students who experienced technical issues.
“When you can’t access the Wi-Fi, your Carleton email or accounts, that’s a big deal at a university,” Schoenherr said.
The incident didn’t seem to affect all students. Francesca Lupsac, a second-year public affairs and policy management student, said she went about her day unaffected.
Lupsac is staying in residence, but has her own router, and said she could access her Carleton accounts and internet as usual, although she credits this to being an Apple user. She said she believes the incident isn’t something she will worry about in the future.