VSU Network Intrusion: What We Know Now

Written by Bailey Wilson, Managing Editor.

After two months, there is a definitive timeline on what happened after VSU’s networks were hacked into.

In late June of 2024, a zip file containing malware was downloaded onto a computer on campus, where it went undetected and inactive until December. It entered the system through a “business-needed template” and remained invisible until VSU’s network went down on Dec. 28, 2024, when the malware was executed.

The perpetrator is known to target higher education and healthcare. During the intrusion, the malware was able to gain access to university files.

“There were data files that the threat actor was able to copy to their cloud storage,” Kevin Overlaur, IT Executive Chief, said. “The entire population of the files impacted were identified.”

It is unknown at this point whether the affected files fall under the Family Educational Rights and Privacy Act or contain Personally Identifying Information, though the System Office Cybersecurity team is working to scan all of the files that were affected by the malware.

“VSU will then take the necessary notification and monitoring steps needed to notify those impacted,” Overlaur said.

VSU was not the only school impacted by these intrusions, according to Overlaur. Since the hacker is known to work against education, other schools within the USG network were hit with similar incidents. According to USG’s System Status, nearly 20 schools were identified as having malware intrusions in their GeorgiaBEST Banner Managed Services, such as Abraham Baldwin Agricultural College, Georgia Southern University and University of West Georgia, among others.

“An additional USG institution was infected by a similar payload early last year,” Overlaur said. “However, it was identified early in the malware lifecycle and had no impact to their network.”

The incident sent shockwaves through the school, a ripple effect that entered every aspect of working life in the university. Classes, housing, police services, and even dining were unable to proceed with their usual work, as the outages caused by the intrusion made their systems unusable until they had been checked for malware.

The university was supposed to return to operations on Jan. 3 but was forced to push the date back to Jan. 8, and even then only on limited operations. Classes returned over a week later than initially scheduled, on Jan. 13.

The hacking incident also made many people aware of how fragile VSU’s network can be.

“The most common feedback that I have received from VSU users is coming to the realization of how easy it is to infect a network,” Overlaur said, “as well as seeing the disruption to faculty and staff returning to work after the holiday as well as to the start of the Spring semester.”

The network is nearly at 100% capacity after the incident, which has brought a new focus to IT and network services: prevention.

“This event should instill a renewed diligence across campus among all VSU network users to ensure web interaction is only done with known and trusted sources as well as being sensitive to receiving emails of unknown origin and the possible risk of interacting with their attachments and links,” Overlaur said.

There have been strides to resolve these risks, on both a university-wide and a state-wide scale. The process started with scanning all aspects of the network for further issues, shutting down the affected systems and dealing with each problem once it was found.

“Those devices clean of these symptoms were brought back online while those showing signs of malware compromise were typically rebuilt,” Overlaur said. “This was the most time-consuming part of bringing the network back online.”

After this, antivirus software was updated across the network, and rules were added to network software to control how communication across the network functions. “Command and control” solutions are also under consideration, which would use AI to detect irregular patterns in the system and act against anomalous functions.

“We will never be able to make the VSU network 100% resistant to a malware infection,” Overlaur said. “Our focus in 2025 regarding cybersecurity resilience is to continue to educate VSU network users on possible threats to our data and systems and have improved monitoring and remediation technology in place to better detect and breaches similar to what we experienced early in its lifecycle before it has the opportunity to disrupt the VSU student academic experience.”

Photo courtesy of Unsplash.
