Hackers Freeze New School Year at University of Michigan

The University of Michigan has been forced to sever online services to its campus community on the eve of a new academic year due to what appears to be a targeted cyberattack.

In a series of updates starting Sunday, Aug 27, U-M reveals that its IT network was compromised, prompting it to cut internet access amid security concerns.

“Sunday afternoon, after careful evaluation of a significant security concern, we made the intentional decision to sever our ties to the internet,” the university says. “We took this action to provide our information technology teams the space required to address the issue in the safest possible manner.”

U-M doesn’t say outright it was a cyberattack, only that “Our Information Assurance team, in partnership with leading cybersecurity service providers, detects, deflects, and mitigates a steady stream of malicious actors every hour of every day.”

The notice doesn’t say if the threat actors made any demands, so it’s not yet clear if this is a ransomware attack. It’s not uncommon for ransomware actors to hit educational institutions on the eve of a new academic year. Freezing IT systems just as the school year begins can pressure school management to pay ransom so students can pay their tuition and attend classes on schedule.

“We recognize that cutting off online services to our campus community on the eve of a new academic year is stressful and a major inconvenience,” the school says. “We sincerely apologize for the disruption this has caused […] The U-M Division of Public Safety and Security and federal law enforcement partners have been informed and are involved.”

Campus internet (wired and WiFi) is still down, but cloud services like Google, Canvas, Zoom, Adobe Cloud, Dropbox, Slack and other systems are back online and reachable when using off-campus and cellular networks.

U-M’s IT staff is working “around the clock” to get everything up and running again.

“Our team of IT and cybersecurity experts has made significant progress over the past 24 hours,” according to the latest update, dated Aug 29.

In recognition of the challenges faced during this outage, students will be given consideration for late class attendance or missed assignments, late registration or disenrollment fees.

The impact varies across U-M campuses. For instance, all clinical applications at Michigan Medicine are functional and no patient care was disrupted, the university says.

As of today, all students, faculty and staff can authenticate into their U-M accounts and access umich.edu when using off-campus or cellular networks which, the school notes, may suffer hiccups due to the heavy workload on cellular towers.

Notably, U-M’s notice doesn’t even hint at the possibility that student or faculty data may be at risk, which would rule out a ransomware event. If this was indeed a targeted attack, the bad guys may have simply aimed for disruption and bragging rights in hacking circles.