Barton Community College has faced its share of cyber-threats, including an attack last November that cost more than $30,000 to clean up, Dean of Information Services Charles Perkins said.
More recently, Barton computers were targeted by ransomware, a kind of malware that encrypts data and holds it hostage. The college has even fended off a fake email like the one that recently prompted an employee at another college to release hundreds of Social Security numbers.
Perkins reported this to Barton trustees, who met Tuesday for their monthly study session.
A quarter of a million Social Security numbers are on Barton’s servers. A major data breach that compromised all 250,000 names would cost more than $2 million to mitigate, Perkins said.
Unlikely as that is, hackers have targeted Barton servers.
“In November our website was attacked,” Perkins said. “The newly repaired website went active an hour ago.” Counting the time that went into dealing with the issue, he estimated it cost the college $30,000 to $40,000.
Last month, Barton County Treasurer Kevin Wondra fell for an email scam and wired $48,600 to a bank in Georgia, thinking he was following orders from the county administrator. Other treasurers have made the same mistake; recently in Missouri, the Platte County treasurer reportedly wired $48,200 of taxpayer money to a scammer.
In April, a criminal impersonating an administrator at Rockhurst University in Kansas City, Missouri, duped a university employee into supplying information on IRS W-2 forms, including Social Security numbers.
Barton received a similar call, but didn’t release any information because the employee followed protocol, Perkins said. She called Dean of Administration Mark Dean, who called Barton President Dr. Carl Heilman, who said, “no.”
Perkins showed trustees the sketchy outline of the “dark web,” a hidden place on the internet where one entrepreneur is offering information from 300,000 Louisiana driver’s licenses for $200,000, payable in the reportedly untraceable digital currency Bitcoin.
“Selling people is pretty cheap — less than a buck,” Perkins said.
“About two weeks ago we were hit with a ransom letter,” he continued. Every Adobe file on the affected computer was encrypted, and the college was given 72 hours to pay a ransom or the files would be lost.
However, Barton has been dealing with cyber security for years. The computer was shut down. Once the problem was isolated, everything was started from safe backups.
“It took us out for eight hours,” Perkins said.
The ransomware may have come in the form of an email that appeared to be from a trusted source, and that prompted the user to “click here” to download a file. Barton processes 20,000 emails a day, after screening out another 80,000 which are rejected as spam.
The college is insured, and makes sure there are multiple servers with backups that are “air gapped,” meaning they are not connected to the internet or to other systems that are connected to the internet.
“It’s just layers of security,” Perkins said.
This article was updated on June 21, 2016, to show Platte County is in Missouri.