(Editor's note: This has been updated to reflect that the malware disrupted UOG's web services and not its entire computer network.)
The University of Guam estimates it could take a few weeks before its web services can be fully restored following a malware attack and an attempt to get a ransom.
"The recovery effort has been cautiously slow to ensure that no systems will be exposed to another attack. Restoration of vital services is expected within the next few weeks," a UOG statement released Sunday evening states.
The malware attack occurred on Oct. 12, Jonas Macapinlac, chief marketing and communications officer at the local university, confirmed on Sunday.
The breach started with an email containing the malware, which was inadvertently opened or downloaded within the UOG community. Malware is malicious software that hackers use to attack computer files or computer systems.
The malware gave the cyberattacker access to some of UOG's files.
"We noticed unusual network activity and found the malware altering some system files. That’s when we isolated/contained it," Macapinlac said.
The hacker then provided an email for UOG to reach out to for details on how to get its data back, Macapinlac said.
"To clarify, there wasn't an active ransom attempt. Rather the intent of this type of malware – if successful – would be to compel an organization to pay to get back access to their files," Macapinlac said.
"An anonymous email address was included in the files affected that were analyzed. Basically, 'contact us if you want your files back,'" Macapinlac stated.
He said UOG didn't pay any ransom and informed the FBI about the situation.
UOG never found out what the ransom demand was because the local university did not contact the email provided, Macapinlac said.
UOG's information is stored on backup after backup of storage, Macapinlac said. UOG was able to prevent other files from being breached, he said.
UOG alerted its current faculty, staff and students about the malware attack and assured them their information was not compromised, Macapinlac said.
Former students and former staffers of the local university were not contacted.
The malware attack did not get into critical files UOG had – including personal information on its students, faculty and staff, Macapinlac said.
The attack did prompt UOG to install additional security measures to prevent future attacks on its system, he added.
"We’ve been without some of our network services over the last few weeks, but thanks to swift action by our IT team, we’ve been able to continue with business as usual — with a few adjustments. We’re working very hard to bring everything back up to normal as soon as possible," said Thomas Krise, UOG president.
In 2019 alone, 89 U.S. universities, colleges and school districts became victims of such attacks, followed by at least 30 in the first five months of 2020, Nir Kshetri, professor of management at the University of North Carolina Greensboro, wrote in an article called "Ransomware criminals are targeting U.S. universities." The report was published July 16 on global education network world.edu.
One of the latest examples, Kshetri reported, was a ransomware attack that struck the School of Medicine at the University of California San Francisco on June 1. University officials transferred 116.4 bitcoins – the equivalent of $1.14 million – to the cryptocurrency wallet of the "NetWalker gang" and received the key to decrypt its own files in return, he wrote.
This malware targets corporate networks and encrypts the data it finds on the attacked devices, Kshetri wrote, adding: This means that the device owner cannot access data on the device until a ransom in cryptocurrency demanded by the criminal is paid.
"To distribute ransomware, NetWalker creators rely on phishing and spam as well as other large-scale network infiltration such as hacking unsecured wireless devices connected to Wi-Fi networks," Kshetri wrote. "After penetrating a network, it can render antivirus software useless."