A stone monument welcoming the public to Imperial Valley College marks the entrance to the campus. IVC was hit with a ransomware attack on Aug. 6. The attack has forced IVC to push back the start of fully online classes by a week. | COURTESY PHOTO
IMPERIAL — Distance-learning classes at Imperial Valley College will be delayed at least a week due to a ransomware attack on the college’s computer systems Aug. 6 that affected “the main teaching and learning service used in online schooling,” according to a press release.
Fully online courses were to start Aug. 17, but have now been pushed back to Aug. 24, although hybrid courses (a mix of distance learning with a “face-to-face component”) and fully face-to-face classes will start as scheduled Aug. 17, according to the press release that was sent out to media late Aug. 14.
Additionally, IVC officials do not think any personal data was compromised as part of the ransomware attack, and it was not believed that the virus infiltrated the system through a phishing email, said Martha Garcia, superintendent/president, during a call to this newspaper Aug. 15.
Students and staff were informed at the end of the business day Aug. 14 when news of the delays was posted directly to the campus website homepage, imperial.edu, and through correspondence.
“We appreciate the patience of our students, faculty, staff and the community as our experts work through this incident,” stated Garcia in the Aug. 14 press release. “Once the investigation is complete and all the facts are collected, we will be providing an update to the students, campus and the community.”
Adjunct English professor Esteban Ortiz, who was preparing for the Aug. 17 start of school despite not having full access to the Canvas online-learning platform or WebSTAR, the student portal, said he was informed Aug. 14 by another English professor that classes had been delayed.
“We knew there was something going on,” said Ortiz, who is also a full-time teacher at Imperial High School preparing for the Aug. 17 start of online-only classes there. “Our job was to know that they (the school) were taking care of it.”
The college has been selective in the information officials have made public since informing students and staff of the ransomware attack a few days after it had already occurred and systems had been taken offline.
Among some key questions IVC had been slow to answer were whether personally identifying private information of students, staff or faculty had been compromised or stolen.
Father Mark Edney, Area 5 Imperial Community College District board trustee and president, said Aug. 15 “that to my knowledge no personal data has been compromised.”
Edney said he had spoken to Garcia on Aug. 14 and that the attack was quite “severe,” so the investigation into the breach was extensive and had been occurring on almost a 24-hour basis since it was carried out.
Garcia reiterated what Edney said and added that she intended to email faculty and staff to “explicitly” inform them that no personal data had been stolen in the hack.
Although the scope of the breach is still being investigated, Garcia said if any data was thought to be stolen she would have contacted the state Department of Education and each person thought to be affected.
Edney said there has been significant progress in bringing some systems back online, like WebSTAR, but there are still some “glitches.”
“The fear right now, really, is saying too much” regarding the details of an ongoing investigation, Edney explained during a brief interview.
Imperial Valley College has a projected enrollment this coming semester of 7,000 students and hundreds of faculty and staff members, so there is potentially a lot of information contained within the college’s network.
Ortiz said he feels like his personal information was safe, and that the college adequately addressed those concerns.
He wasn’t too concerned about his personal information, though. He said he pays for a third-party service that protects his personal info online and alerts him to potential activity using things like his Social Security number.
Earlier in the week, through press releases and statements, the college acknowledged it is working with outside cyber security firms in the restoration of the system and probing into the systems breach.
Garcia told this newspaper that unlike the county’s ransomware attack in April 2019, IVC is not rebuilding its systems from the floor up; rather, the IT department and consultants are extensively reprogramming.
The college made the decision to take its network offline Aug. 6 to protect its core information system called the BANNER student information system, which is a database of all student records.
“We shut it off for our protection,” Garcia said Aug. 15. “If (BANNER) would have been impacted, we’d have been in trouble.”
Meanwhile, the campus Information Technology Department, has restored capabilities in some of the systems, the latest press release states.
“The IVC IT team has been working diligently with our consultants and fortunately we are seeing positive progress,” Garcia stated in the Aug. 14 release. “Special thanks to our IT team.”
School officials said computer systems are gradually coming back online: “Some of the systems may be available only intermittently and users may experience delays or have difficulty in accessing certain information systems.”
“We are prioritizing the teaching and learning services systems that directly impact students and faculty,” Garcia stated in the release. “I recognize this has been a difficult and confusing time, but we will get through this together and persevere.”
Key on-campus systems still temporarily unavailable as of Aug. 15 were listed as WebSTAR, PortalGuard, Canvas (the online learning platform), Syllabi Site, and Contact Forms, according to a post directly to the website.
The press release nor the message on the website addressed whether the phone system was back online, but as of the morning of Aug. 15, the main number appeared to be functional, 760-352-8320.
The phone system had been down from the time of attack through at least Aug. 12. It wasn’t immediately known if it had been fully restored.
Garcia said Aug. 15 IVC is looking into how the ransomware infiltrated the network. She said it doesn’t appear that the malware entered through a phishing email being opened, like the virus that impacted the county last year.
Garcia declined to reveal the ransomware demand made by the hacker or hackers to regain control. As far as the financial burdens of the system breach, all should would say is that the college was insured against such attacks.
IVC is in Imperial County Supervisor Ray Castillo’s fifth district, and he knows a little about ransomware attacks.
The attack against Imperial County’s systems in April 2019 was crippling and made nationwide headlines.
“This will be a learning experience for Imperial Valley College, like it was for the county,” he said Aug. 15, adding he planned to reach out to President Garcia to offer any assistance he could.
Early last week, County Executive Officer Tony Rouhotas Jr. was asked if anyone from the college had reached out to the county for advice or technical assistance, and he responded that no one had.
The county shared information about the attack early and often with the public and its own staff, especially regarding whether personal data had been compromised, which to this date, county officials say none was.
An “after-action,” post-attack report showed that the malware used in the attack did not possess the capability to move data off the county’s system, or what was referred to as “data exfiltration.”
The attack took the county’s website, computer networks and phone and email systems offline for more than a week. Spending $1.9 million in software, hardware and cybersecurity upgrades, the county Board of Supervisors fought back against demands to pay a reported $1.2 million in digital ransom (bitcoin). The board unanimously decided to rebuild its system from the floor up at the time of the attack.
The malware entered the county’s systems through employees answering email phishing scams that allowed dormant viruses to infect the system before attacking the system several weeks later.