Brown University hit by cyberattack, some systems still offline

Brown University, a private US research university, had to disable systems and cut connections to the data center after suffering a cyberattack on Tuesday.

The Ivy League school's IT staff said the attack focused on the university's Windows-based devices and asked faculty and staff to switch to computers running other operating systems, smartphones, or tablets.

The university's Computing & Information Services staff took "a number of aggressive steps to protect the University's digital resources, including shutting down connections to our central data center and systems within it."

"Among the most commonly accessed resources that are temporarily unavailable are Banner, VPN, RemoteApps and some websites hosted on Brown.edu," Brown University Chief Information Officer Bill Thirsk said on Tuesday, March 30.

"We are working with colleagues across the University and are committed to getting systems back online as quickly as possible."

Malware likely involved in the attack

While there were no details shared regarding the nature of the incident, Brown's CIO added that "employees can contact their IT Support Consultant (ITSC) or Departmental Computing Coordinator (DCC) to determine if their Windows machine has 'known-clean' status," hinting at a malware attack.

Since the attack hit Brown's network, the university's IT staff has brought back online most www.brown.edu websites, the library.Brown.edu domain, and listserv services.

"When this was detected, an investigation immediately began and since then, we have been methodically working to determine which specific systems were impacted and to restore the involved systems to operation as quickly as possible," Thirsk added on Thursday.

"A number of systems have remained available from the start, including Banner Self Service, Canvas, Workday, Zoom, and Google."

Brown's IT staff is still working on restoring connectivity and bringing additional systems back online to return operating status to normal.

Update: Brown University sent the following statement after the article was published:

Brown learned on Tuesday of a security incident that impacted the availability of certain systems within the University’s computer network. Upon learning of this incident, we promptly secured digital assets within our computer network and commenced an internal investigation. We are approaching this incident with the utmost priority and are focused on securely restoring the involved systems as quickly and as safely as possible. Our investigation is ongoing, and we will continue to update our community when additional information becomes available.

Related Articles:

US govt shares cyberattack defense tips for water utilities

US offers up to $15 million for tips on ALPHV ransomware gang

US sanctions crypto exchanges used by Russian darknet market, banks

US sanctions APT31 hackers behind critical infrastructure attacks

What the Latest Ransomware Attacks Teach About Defending Networks