Hitting Bedrock—CSU’s Response to a Ransomware Attack and Lessons for Higher Education

Cybersecurity incidents in higher education are increasing in number and complexity. In fall 2020, California State University San Marcos (CSUSM) experienced an unauthorized access to campus systems with the intent to deploy ransomware. The attack used hacking tools to access campus systems and proceeded to steal encrypted passwords for later use. Campus IT security staff took actions at the time to contain the unauthorized access, but, unknown to the university, the individual(s) continued to access campus resources by using stolen credentials until November, when they were finally removed from CSUSM systems. As highlighted in the FBI’s FLASH report (March 16, 2021—Increase in PYSA Ransomware Targeting Education Institutions), organized crime groups are targeting all levels of education due to the combination of openness and value of stored personal information. The events that hit CSUSM are very similar to the FBI alert and part of a larger cyber threat that led California State University to initiate a system-wide cyber hygiene project. This joint presentation from the Cal State San Marcos CIO, Cal State San Marcos ISO, and CSU System CISO will share key lessons learned and the ramifications of the increased attention by threat actors to higher education environments.