Lincoln College is scheduled to close its doors Friday, becoming the first U.S. institution of higher learning to shut down in part due to a ransomware attack.

A goodbye note posted to the school’s website said that it survived both World Wars, the Spanish flu and the Great Depression, but was unable to handle the combination of the Covid pandemic and a severe ransomware attack in December that took months to remedy.


“Lincoln College was a victim of a cyberattack in December 2021 that thwarted admissions activities and hindered access to all institutional data, creating an unclear picture of Fall 2022 enrollment projections,” the school wrote in its announcement. “All systems required for recruitment, retention, and fundraising efforts were inoperable. Fortunately, no personal identifying information was exposed. Once fully restored in March 2022, the projections displayed significant enrollment shortfalls, requiring a transformational donation or partnership to sustain Lincoln College beyond the current semester.”

The Illinois school, which is named after President Abraham Lincoln and broke ground on his birthday in 1865, is one of only a handful of rural American colleges that qualify as predominantly Black institutions by the Department of Education.

Kim Milford, the director of the Research and Education Networks Information Sharing and Analysis Center (ISAC), a nonprofit industry group that helps member colleges to pool and share information about cyberthreats, said the closure underscores the toll that ransomware attacks can take.

“I feel really bad for Lincoln College and wish there was some way we could help, but it can be a very expensive proposition when you’re hit by ransomware,” she said.

Lincoln was not a member of the Research and Education Networks ISAC, Milford said.

Ransomware attacks remain a scourge for businesses and institutions of all sizes. Ransomware is a type of cyberattack in which hackers seize control of a victim’s computers and demand payment in order to make them usable again. In recent years, ransomware hackers have frozen computers at schoolspolice stationscity governmentshospitalsgrain distributors and paycheck services.

In severe cases, they can render entire computer networks inoperable, which can have devastating financial consequences for victims who can’t afford to replace them. After the Baltimore public school district was hit with a ransomware attack, it cost nearly $10 million to remedy its systems. A Lincoln spokesperson declined to share details about its attack or make school officials available for interviews. 

Olivia Partlow, the director of the Lincoln College Museum, which plans to stay open after the college closes, said the college’s closure is “definitely a tragedy.”

“We’ve got a very long history,” she said. “We’re all sad. My great-great grandmother was a graduate.”

The college, which announced its closure March 29, held its final commencement Sunday.

Lincoln’s sudden closure has been difficult for students. Michelle Londono, an international student from Colombia who came on a volleyball scholarship, said that she needs to be enrolled in college in order to get a visa to stay in the country.

“The fact that they told us the news less than a month before closing is what is making this situation very difficult,” she said. “I only have until May 13th, so you could imagine how stressed I’ve been.”

Many ransomware hackers who attack American targets are based in Russia or other former Soviet countries. But even in cases where U.S. authorities know their identities, few of them have ever been arrested in conjunction with American law enforcement efforts.

At least 14 universities have suffered ransomware attacks in 2022, according to Brett Callow, an analyst at the cybersecurity firm Emsisoft. But statistics on ransomware are always incomplete, as not every victim goes public, and there is no comprehensive government or industry tally. 

Lincoln does not appear to have been singled out, Milford said. Ransomware attacks against colleges come from a number of known, distinct cybercriminal gangs, and they don’t appear to have any particular pattern with what kind of college they target, and instead simply go after any victim where they can find a cybersecurity vulnerability, she added.

“People underestimate the cost of recovery,” Milford said. “Getting back operations can take weeks. If you’re a private business or a university or a health care place, you can’t be out of business for two weeks.”