scorecardresearch Skip to main content

UMass Lowell says it wasn’t hit by ransomware, will resume some operations Thursday

The University of Massachusetts Lowell East Campus.Blake Nissen for the Boston Globe

The University of Massachusetts Lowell plans to resume business operations on Thursday after a two-day closure due to a possible cyberattack. But classes will remain canceled Thursday, and the university will be closed Friday, as planned, in recognition of the Juneteenth holiday.

On Tuesday, the school had to take its website offline and isolate its computer network, forcing the cancellation of online and in-person summer session classes and the shutting down of all business operations. The school also installed an app called Red Cloak, from the cybersecurity firm SecureWorks, to root out malware or other hacker-installed programs.

Late Wednesday afternoon, UMass Lowell announced it was bringing some systems back online and could restart business operations on Thursday.


”While some organizations in this situation may have continued to operate their IT infrastructure while trying to address the impact, out of an abundance of caution, we suspended all network access to minimize any potential damage while we work with our cybersecurity forensic partner to identify and restore our systems,” Michael Cipriano, chief information officer at the school, said in a statement.

School officials said they were working on adding make-up dates for missed classes and looking at extending deadlines for students registering for the fall.

While the school was not giving many details about what it described as “a possible cybersecurity incident,” a spokeswoman said the problem did not involve ransomware, a type of software that locks away a victim’s data until they pay a ransom to the hackers, typically in the form of the cryptocurrency bitcoin; such incidents have been on the rise. Other kinds of cyberattacks may seek to steal personal information to sell to identity thieves or co-opt computer networks to use in further criminal activity.

The state’s Executive Office of Technology Services and Security declined to comment but was aware of the incident.


Public schools and universities generally lack the cybersecurity expertise and resources of similarly sized corporations, making them attractive targets for hackers, said Cybersecurity Ventures analyst Steve Morgan. “The criminals know this and they target the most vulnerable organizations,” he said. “That’s why K-12 schools and universities are constant victims now.”

A widespread cyberattack in December and January stole student information from schools including Stanford University, the University of California, the University of Maryland, and Yeshiva University in New York.

Ransomware attacks have been drawing more attention than simple data thefts this year, after Colonial Pipeline and JBS, the world’s largest meat processor, both said they had been hit and paid ransoms. The Justice Department last week said it had traced the bitcoin transaction from the pipeline company to the hackers and recovered $2.3 million, about half of the ransom.

In Massachusetts, school districts including those for Haverhill, Rockland, Medfield, and Springfield have been hit by ransomware and other kinds of cyberattacks over the past year, which in some cases crippled remote-learning efforts.

”I’m kind of surprised that [UMass Lowell] confirmed that it’s not . . . ransomware, because usually we see ransomware hacks on those types of institutes,” said Lior Div, CEO and cofounder of Cybereason, a Boston cybersecurity company. “Usually universities can pay in order to get back to normality.”

Aaron Pressman can be reached at Follow him @ampressman. Hiawatha Bray can be reached at Follow him @GlobeTechLab.