By Hannah Buckingham, Staff Writer
While many Lee students went about their day as usual on Feb. 15, Lee University's Information Technology (IT) department discovered and prevented a dangerous computer virus, known as ransomware, from encrypting the school's entire database.
The first indication of the virus came when the IT department received a call from an individual who was having trouble accessing files on a Lee server account.
Director of IT operations Chris Golden immediately looked into the situation and, after examining the files, discovered that they had been converted into an MP3 format and that at the bottom of the file folder there was a new folder labeled 'restore.'
When Golden opened the restore folder, text inside indicated that all files within the user's folder had been encrypted, and that in order to restore the files to the original format, Golden needed to send the creators of the virus bitcoins, a form of digital currency that is created and held electronically.
Golden and his colleagues immediately knew that they were dealing with ransomware.
'For those of us in IT, we knew exactly what was going on,' Golden said. 'We knew we had a major issue on our hands.'
Typically, ransomware is transmitted through emails or links, and computers are especially vulnerable if applications such as Flash are not updated to the newest version.
The phenomenon has been rampant recently, most notably at a Los Angeles hospital on the same day. According to NBC, the hospital operated with no access to health records for a week in the wake of hackers' demands for $3.4 billion in bitcoin.
Golden said he thinks the virus originated from an off-campus laptop with an outdated version of Flash.
When the laptop was brought on campus, the ransomware began to target multiple computers. If the virus is not caught in time, it has the potential to encrypt all the drives mapped on a specific network.
'If you had an A drive, it would start at A and then work its way all the way through Z,' Golden said. 'It's a pretty bad ' especially since storage area network.'
A storage area network, or SAN, provides access to consolidated data storage. Lee's SAN hosts all files used at the university. This includes student and faculty records, as well as other private and important information.
Shortly after Golden discovered the encrypted files, another user called the IT help desk to report a similar issue. Golden knew that he had to act quickly and made the call to immediately pull the SAN off the network.
'It eliminated any possible chances of the encryption to keep going,' Golden said. 'Of course when we pulled the SAN off we pretty much shut down everything in terms of what the faculty could access, and they depend on files to teach classes. It really brought us down to nothing for the time being.'
This was true of William Effler, associate professor of pastoral studies. He recalled IT sending out an email to alert faculty to certain signs on their computers. Effler discovered one such sign on his own office computer.
'Ten minutes later two guys showed up and took my computer and it was gone for ten days,' Effler said. 'They got me a replacement but my computer is quarantined still.'
Once Golden and his team shut down the network, they were able to come up with a strategic plan to stop the spread of the virus and restore the network. During the restoration process, the IT team pushed out updates, which caused all computers on the network to reboot. The virus typically will give itself up during a reboot, and the IT department was able to see exactly how many computers it had infected in order to effectively stop the encryption process.
Ransomware has infected major businesses and corporations across the U.S., many of which were unable to catch it in time.
'Luckily we were able to get ahead of it,' Golden said. 'We had a good strategy in place and were able to shut it down without having to pay anything.'