Lincoln College Shuts Down After 157 Years Following Ransomware Attack

Lincoln College, a private school based in Illinois, announced this week that it will be closing permanently following a ransomware attack.

The liberal arts college opened in 1865, but it began suffering financial hardship during the COVID-19 pandemic. Like many schools, it was required to invest in technology to support remote working and faced a prolonged period of upheaval and uncertainty.

Enrolment numbers fell at the start of last year, and as it struggled to stay afloat, it suffered a catastrophic ransomware attack.

The school’s staff and students were locked out of their accounts, and with no access to systems that were essential to run classes and perform other business operations, senior staff decided the only course of action was to meet the cyber criminals’ ransom demand.

Lincoln College President David Gerlach refused to disclose exactly how much the school paid, but he confirmed that it was under $100,000.

That’s a relatively small sum compared to similar attacks, but it no doubt reflects the school’s financial situation at the time. It was already in financial difficulty prior to this incident, and with few resources to support the school’s recovery from the cyber attack, things got out of control.

It took months to fully restore its systems, and it was only with everything back online that staff could project student enrolment for the upcoming year. Far from the boost that they were expecting, student numbers remained low.

“Fairly instantly I knew that would not be enough to sustain us,” Gerlach said.

In late March, he announced to students that the school would close within two months unless they found an angel investor. He estimated that Lincoln College needed $50 million to remain operational.

It was unlikely, if not impossible. But it didn’t stop people from trying. Alex Redd, a student at the school, contacted wealthy foundations, while others started a social media campaign.

A GoFundMe page was also launched, but it has received only a fraction of its goal.

How did this happen?

That one of the oldest schools in the US, one that remained open through two World Wars, the Great Depression, COVID-19 and a major fire, has been forced to close after a ransomware attack is nothing short of a disaster.

Moreover, Lincoln College boasted federal status as a predominantly black institution. Almost half of its students were African American, making it eligible for grants and able to support students in need of financial aid.

“The loss of history, careers and a community of students and alumni is immense,” David Gerlach said.

But if Lincoln College played such a crucial role in the community, why was it unable to handle a ransomware attack and why did it not receive government support?

Ransomware is one of the biggest cybersecurity threats organizations face, and the education sector has been repeatedly warned about the dangers.

Schools and colleges are especially vulnerable to ransomware because there are severe knock-on effects if disruption lingers.

Unlike private-sector firms, the education sector faces risks beyond the loss of production and revenue. For example, students’ classes and exams could be disrupted, which could in turn affect their ability to submit essays or graduate.

The U.S. government has talked often about combating the risk of ransomware. Last year, the White House unveiled new initiatives to address the threat. It included a State Department programme that mirrors its anti-terrorism scheme in offering financial rewards for information that helps prevent or identify attackers.

Ransomware attacks have decreased since then. According to our sister site, there were fewer than 50 publicly reported incidents in Q1 2022, a 33% decrease on the previous quarter.

However, we cannot expect government initiatives to eradicate the risk altogether. Indeed, part of the success in tackling ransomware is a greater public awareness of the threat, leading to organizations doing more to prepare for attacks.


Cyber Incident Response Management – A beginner’s guide

For today’s organizations, which rely heavily on technology and the Internet to do business, cyber attacks are a very real threat.

Worse, the cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation.

Being prepared with solid incident response plans and procedures can significantly mitigate the impact of cyber incidents.

We explain how you can prepare for a cyber attack in our free green paper: Cyber Incident Response Management – A beginner’s guide.


Lincoln College’s downfall is that it didn’t heed these warnings and had no plan for what would happen when a security incident occurred.

The writing was on the wall long before the fatal cyber attack. When David Gerlach was named president in 2015, he recognized the school’s need to rethink its financial strategy.

He persuaded the board to go back to four-year degrees, believing that the college couldn’t compete with cheaper alternatives. The strategy brought a short-term boost in enrolment, with record numbers of students arriving in 2019.

However, it failed to capitalize on this success and invest in security measures to counter the growing cyber threat. It instead continued to overspend on other aspects of its operation, with tax documents showing that Lincoln College’s $38 million subsidy was halved within a few years.

Crucially, little if any of the money that the school brought in was going towards cybersecurity. The board might have assumed that, being a small college in a relatively poor area would mean it wasn’t on cybercriminals’ radar, but that’s not how attackers operate.

Crooks target weaknesses rather than specific organizations, and they are relentless in their attacks. It’s why everyone – and schools in particular – must prioritize cyber defenses.

How to prevent cyberattacks

The key to protecting your organization from ransomware is educating employees on the threats. Most attacks occur by exploiting human error. Cyber criminals often plant malware in phishing emails and trick employees into opening malicious attachments or clicking bogus links.

Another common tactic is to hide malware in pirated software or bogus websites. Employees who use those services unwittingly release malicious code onto their devices, triggering an attack.

You can teach your staff to avoid falling for these traps with IT Governance USA’s Ransomware Staff Awareness E-learning Course

This online course provides a comprehensive introduction to ransomware in just 30 minutes. It’s designed for all employees, and covers: 

  • The threats posed by a ransomware attack; 
  • The main forms a ransomware attack can take and how they work; and 
  • Actions that individuals and organizations can take to help protect against ransomware.