Update on Sul Ross cyberattack

The grueling work continues in the Office of Information Technology’s temporary command center, as a team of 12 work to put Sul Ross State University back online after a recent malware attack.

The attack brought down 44 Windows-based servers.

“They just disappeared,” OIT Chief Operating Officer Dave Gibson said.

The attack was discovered June 21 and set in motion Gibson’s team of computer wizards to the rescue.

They moved from their individual offices to a large shared room with a whiteboard to chart problems and progress. Each team member has a unique assignment, but the group setting allows them to cross reference problems. Gibson said the dedication and work ethic of this team is making things run a lot faster.

“They’re working their butts off,” he said. This kind of attack is a first for Gibson. In the past, malware infections were easy to fix, as they usually only affected one PC at a time. The recent attack affected all 2,000 PCs on campus, and each one will need to be individually scanned by OIT staff before reconnecting to servers.

“We’re in the throes of a lot of heavy lifting,” Gibson said.

Sul Ross email is up and running, though restoring all data from backups may take longer, since thy are dealing with massive amounts of data.

It will probably take another month to scan all computers on campus and restore all data, but the end is in sight.

Going forward Gibson said, “We need to have a more robust disaster plan.”

Malware is introduced by computer users who open an infected document, spreadsheet, or email.

OIT already sends out monthly reminders that cover the basics of virus protection, like asking users not to open documents they aren’t expecting and to delete unexpected emails. “But we know people are going to click on things,” he added.

It’s never obvious when a file is carrying malware; all it takes is one click, and the malware can take hold in a computer’s software without the user ever noticing.

The challenge for OIT is to find more effective ways to remind people not to click on suspicious emails and to quickly address when the aftermath when they do click. Gibson believes this kind of attack could happen again. Backups are the solution to protecting campus data in the future. “And we have good backups,” Gibson assured.