IE11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

College Still Grappling With Ransomware Attack

A cyber attack against Napa Valley College two weeks ago blocked access to network systems or took them offline. Administrators say they’re approaching full recovery but aren’t there yet.

The Napa Valley College (NVC) website and network systems were knocked offline as the result of a ransomware attack roughly two weeks ago, a spokesperson for the school has confirmed.

Napavalley.edu was still dark as of Wednesday afternoon, as NVC continued an investigation that began shortly after the site vanished from the Internet on or before June 10. Attempts to visit the site have resulted in the message “This site can't be reached” or a redirect to GoDaddy.com, a company that registers Internet domain names.

As a result of the attack, some of the college’s network systems were “maliciously locked up” while others were taken offline by the college to mitigate the impact of the attack, according to Napa Valley College spokesperson Holly Dawson. Robert Frost, NVC’s interim superintendent/president, said in a statement that the school is approaching full recovery from the attack, but isn’t completely there yet.

Frost added that the school is in the process of notifying all employees and current students about the attack and has arranged for complimentary credit monitoring and identity protection services for 12 months.

“As soon as we became aware of the cyber attack, we commenced an investigation and have been working with state and federal law enforcement and third-party cybersecurity and forensic experts to investigate the incident, assess the potential impact and bring all our systems and services back online,” Frost said.

According to Assistant Superintendent Jim Reeves, the school’s IT team and forensic experts worked around the clock to restore and monitor the safety of all NVC systems before the school started bringing services back online. He said in a statement that NVC has historically underinvested in its IT systems, but efforts were underway to improve them before the attack, and the school is carrying out extra efforts to improve those systems further.

Daniel Vega, who was named NVC interim IT director the day before the attack began, said in a statement the school’s board of trustees had updated its annual goals at a February meeting to make institutional technology a priority. He noted that most of the school’s systems were backed up, which means that ultimately “very little will be lost or compromised.”

Dawson, responding to an inquiry from the Napa Valley Register, confirmed on June 17 that the outage resulted from a cyber attack on the college’s computer systems. Later that day, college officials declined to share further details of the outage, citing their investigation.

The intrusion has blocked Internet users from viewing most parts of the NVC website, although a section hosting meeting agendas for the board of trustees has remained live. Some computer systems were locked up by the intrusion, and NVC’s IT department locked down others as a precaution, Dawson said last week.

©2022 Napa Valley Register. Distributed by Tribune Content Agency, LLC.