Ransomware Attack: CPCC to resume some classes Monday, cancels spring break

CHARLOTTE — Central Piedmont Community College, North Carolina’s second-largest community college, has confirmed it’s the victim of a ransomware attack that has shut down all school-related technology.

The college told Channel 9 that the servers are being held for money, but haven’t specified how much.

Officials said the attack was discovered last Wednesday evening and caused the college to cancel classes for several days.

Officials at the college later canceled classes last Friday, over the weekend and into the next week due to the ongoing issues.

Some classes will start on Monday, Feb. 22 while others will start on March 1.

Here is how they plan to move forward with classes as the investigation continues:

  • Students taking on-campus classes will receive instructions once email is restored
  • Students who are taking online classes in “Brightspace” will receive more information as soon as email is restored
  • Students who are in hybrid classes in “Brightspace” will receive more information about the online portion of their class once email is restored
  • All other spring semester classes will resume on March 1

School officials also said spring break will be canceled because of the interruption to the spring semester and in order to keep students on track to complete the semester on time. The school’s spring break was scheduled for March 8 through 12.

Last Friday, anchor Allison Latos got her hands on a police report indicating that the Charlotte-Mecklenburg Police Department is investigating the case as a cyber crime.

CMPD called it a fraud investigation.

According to the report, which classifies the case as a hacking or computer invasion, the college’s assistant director of campus security said he “was notified around 10:30 p.m. on Wednesday that the CPCC computer network had been hacked into by unknown suspects, causing a complete shut down of all computer systems. Online classes have been canceled due to the shut down.”

No further details have been released.

There was no definitive answer as to what caused the outage, a CPCC spokesperson said on Thursday.

Some students can send emails but faculty and staff emails still are not working.

As of Wednesday, officials said the investigation has not found any evidence that student or employee personal information was exposed but several college systems remain offline as a precaution.

The outage affected email, Blackboard, Citrix and other systems.

Kim Sassenburg is a student at CPCC and was supposed to have a virtual psychology class on Friday, but it didn’t happen.

“It said Blackboard is temporarily unavailable due to technical difficulties,” she said.

The college said it’s working with the North Carolina Community College System (NCCCS) Cyber Incident Response Team, the N.C. Department of Public Safety, the Federal Bureau of Investigation, and other federal and state agencies to assist with the investigation.

The Federal Bureau of Investigation said it’s aware of the attack and is offering assistance.

Security and Technology expert Reda Chouffani of Biz Technology Solutions told Channel 9′s Ken Lemon that breached usually begin with an email encouraging someone within the system to click a link.

“And all it takes is one click in some cases to really create some painful situations,” he said.

Chouffani said it’s a little bit easier because of the pandemic, since so many people are working at home with security systems far less sophisticated than systems at work.

But he said major institutions are required to keep personal data and payment information secure even if there is a breach.

“It is encrypted and not anybody can have access to it,” he said.

Chouffani also said in cases like this, imagine a burglar changing to locks on someone’s home and making them pay to get back inside, instead of stealing. He said financial information should be safe, but he still says anyone concerned should start monitoring their credit report.