Grand Rapids Community College’s Information Technology (IT) department received an email with a word document containing a “high threat” tescrypt malware virus yesterday morning.
“It’s basically a malware that encrypts your data, or more commonly known as ransomware,” said David Anderson, chief information officer at GRCC.
Anderson said after the malware encrypts all the victim’s data, those behind the malware hold it for ransom, attempting to get the victim to pay for the stolen data.
The virus hit the campus at 8:15 a.m. June 23. IT workers found the virus at 10 a.m. It was affecting a shared drive between faculty and staff.
“It encrypted data on two (stations),” Anderson said. “We were able to stop it before it got very far.”
An email was sent out notifying staff to not use the shared drive.
After IT was able to take down the virus, they identified where it came from, blocked that source, and reported it to federal authorities. The drive was able to be backed up to four hours before the virus hit campus, but newly saved work could not be recovered. A student employee and a staff member were affected.
Anderson said the potential risk from the virus was very high but no personal information was stolen.
“It could have encrypted every directory, every disk drive on campus, everywhere we put data,” Anderson said. “Containment kept this down to a relatively insignificant incident.”