MSUM officials: "servers were encrypted and locked by ransomware"

(Fargo, ND) — Officials at MSUM provided an update Friday morning on “network issues” which have caused disruptions in various internet-related and online resources since February 1st.

The University released a detailed written update, and a letter from campus President Dr. Timothy Downs, in which it was revealed that “a few servers were encrypted and locked by ransomware”.

WDAY Radio Now is sharing below the entirety of the release that was sent to the newsroom. 

We will continue to follow this developing story.

“Cybersecurity Incident at Minnesota State University Moorhead

Summary | Feb. 16, 2024

Background: On Thursday, Feb. 1, 2024, the Minnesota State University Moorhead IT team discovered
that some servers were not performing as expected. MSU Moorhead’s IT team immediately activated its
Incident Response (IR) plan, which included taking services offline – including university file servers,
printing and the website — to prevent spread and perform more extensive investigation
and discovery. Upon further review, it was discovered a few servers were encrypted and locked by
ransomware. Enterprise systems (used by all of Minnesota State), including D2L, Zoom, ISRS (Integrated
Statewide Records System) and web-based Office 365 products were not affected, and classes were not

The full extent of the incident continues to be under investigation.

• At this time, the forensics analysis indicates that the affected servers did not house sensitive
data like social security or credit card numbers.
• If we ever determine that personal information was accessed, we will notify impacted
individuals as appropriate and in accordance with the Minnesota Government Data Practices Act
and other applicable law.
• We continue to actively restore services. Services that have been restored are safe to use.
• Enterprise services such as D2L (Brightspace) and ISRS were not affected by this event.
Appropriate workaround methods were created and shared in daily updates to ensure teaching
and learning activities continued throughout the event.
• Based on analysis, no other Minnesota State college or university has been affected. We
continue to monitor our networks for malicious activity.

What is ransomware?

• Ransomware is a form of malware that is used by malicious actors to prevent users from
accessing files, and in some cases, extract and hold data hostage until a ransom is paid.
• Ransomware attacks have become increasingly pervasive in recent years. Education systems and
state and local governments have become a primary target.
• It is Minnesota State Colleges & Universities policy that institutions do not pay ransom.

How did MSUM respond?

After learning of the incident, MSU Moorhead quickly took action to contain the threat, secure systems,
and restore the affected servers.

• An Incident Response (IR) plan was activated once IT became aware of the incident. A team
from Minnesota State engaged within two hours, and our IR vendor engaged that same day.
• Teams have been working since Feb. 1 to stabilize the services and protect MSUM’s servers and
any potential spread to other servers within the system.
• Daily updates have been provided to the campus community about the recovery process and
available services.
• We continue to work with our IR vendor and appropriate law enforcement agencies.
• Best practices learned from this event will be shared with all other Minnesota State colleges and
universities to help protect them from similar incidents.

What should students and employees do?

Although we are not aware of any misuse of information, we suggest that you practice clean data
hygiene at all times to protect yourself:

• Do not use the same password for multiple accounts.
• Change your passwords regularly, including personal accounts that may contain sensitive
personal or financial data.
• Implement multi-factor authentication wherever possible, including personal accounts.
• Use a phone Authenticator App as your second factor of authentication.
• Do not access restricted or highly restricted data from non-MSUM owned devices.

Message from President Downs:


To our employees, thank you for your service to the university during this incident. Your resolve to
continue our mission and demonstrate our values has been noticed, admired, and appreciated. Thank
you for listening to students, removing barriers, finding workarounds, and doing everything you can to
continue serving students.

To our students, thank you for your patience and understanding. We know this incident caused
disruption in your lives and presented challenges. We appreciate your resilience and perseverance in
facing the daily uncertainties and making the best of the situation.

We were advised not to share anything about the cause of our network outage until an investigation
was completed. Perhaps one of the hardest things about waiting to share the cause is that it left space
for a perception that our IT team was struggling. In fact, just the opposite is true. I have witnessed their
skill, grit and determination first-hand. Both our incident response vendor and our system office have
praised the design of our network and our IT team’s quick work to contain the issue and restore

As we remain focused on the goal of serving our students and providing an exceptional learning
experience, I ask you to continue extending grace to your fellow Dragons. I’m proud to be a part of this
learning community.

Go Dragons!”



Recommended Posts