Ransomware disrupts Lake Superior State University, Michigan

Lake Superior State University in Michigan is dealing with an IT disruption that began around Nov. 10, with an internal email describing ransomware affecting some campus computers and servers while Moodle access remained limited as of Sunday.

In a campuswide message reviewed by DysruptionHub, Chief Information Officer Julie Hober said IT is responding to “a ransomware attack that is affecting some campus computers,” has temporarily isolated many systems, and is working with security partners and law enforcement to restore files safely. The message warned users not to engage with related communications.

Phone screenshot of an email from LSSU CIO Julie Hober titled “Campus Update – Cyber Incident,” noting ransomware impact on campus systems and temporary isolation of services. — Screenshot of a campuswide message titled “Campus Update – Cyber Incident,” sent by LSSU CIO Julie Hober, describing a ransomware attack affecting some campus computers and limiting access to services such as Moodle. Credit: Bee Jeffries via Facebook post.

Publicly, the university has not posted a statement labeling the disruption a cyberattack. As of Sunday, LSSU’s website instead displays a site-wide banner reading, “We are currently experiencing outages,” and the News page has no cyber-incident update.

Student posts from Nov. 11 showed lab desktops displaying a lock-screen interface referencing “Qilin ransomware.” One post called Nov. 11 “day two,” indicating the disruption likely began around Nov. 10. The Hub @ LSSU, a campus credit-union kiosk, also reported its ITM was unavailable on Nov. 11 due to a campus internet outage, supporting reports of broader network impact.

Dell monitor in an LSSU computer lab displaying a red ransomware lock screen with the words “Your system has been blocked” and “Find the README.TXT file,” keyboard and tower visible. — A campus lab desktop at Lake Superior State University shows a lock screen reading “Your system has been blocked” and references to “Qilin ransomware.” Credit: Bee Jeffries via Facebook post.

The university has not attributed the incident to any group or reported data theft, and it has not provided a restoration timeline. Class impacts varied by instructor while lab systems were offline, according to student accounts reviewed by DysruptionHub.

Lake Superior State University is a small public university in Sault Ste. Marie with more than 1,700 undergraduates. The city saw another high-profile ransomware case earlier this year when the Sault Ste. Marie Tribe of Chippewa Indians suffered an attack that disrupted administration, casinos, and clinics.

Officials said additional updates would follow as systems are restored. The website’s outage banner and availability of services such as Moodle will indicate progress.

No public attribution by LSSU; start date phrased as “around Nov. 10” based on student posts; internal email used for characterization of ransomware; website and third-party post used to corroborate disruption.