May 22, 2020

Andrews University Responds to May 14 Encryption Malware Incident on Its Computer Systems

Andrews University

This article, provided by Andrews University, is an updated and corrected version of a story that first appeared on this site on May 18--Editors

Early Thursday, May 14, 2020, Andrews University became aware of an encryption malware incident on some of the University’s computer systems.

The University is working closely with external cybersecurity professionals and forensic investigators to determine the cause and scope of the incident. In the hours and days since the initial attack, the University’s Information Technology Services team has been able to identify and contain the specific spread of this malware infection. There is no evidence that any sensitive or personal information was accessed or taken during the incident.

The malware attack primarily affected Andrews University’s Windows servers and personal computers using the Windows Operating System. Many other campus systems used both on- and off-campus were not affected by the attack. 

While the University’s email system utilized by faculty and staff was impacted, a solution was quickly identified ensuring that all University faculty and staff have access to and remain available by email.

Currently, the ongoing active recovery efforts include the careful rebuilding and restoration of full functionality for the servers and PCs affected by the attack. This process to address and fully resolve affected systems is expected to continue for some time.

“Here at Andrews University, we are very grateful for our team of IT staff who have been working nearly around the clock to detect, address and contain the impact of the malicious actors behind this attack. While the recovery will take time, I am confident that we will succeed in recovering and restoring all IT services to support the University as it continues to meet its mission,” says Lorena Bidwell, chief information officer. 

Andrews University takes this matter very seriously and will continue to take significant measures to protect the information maintained by the University. As the investigation continues, updates will be provided as appropriate.