Campus Alert Archive
CCC

An Attempted Ransomware Attack Locked 16,000 Students Out of Moodle and Email

ORinfrastructure failureadvisorymedium confidence
Confirmed Threat

Clackamas Community College discovered an attempted ransomware attack on its network servers overnight on January 18-19, 2024, and ultimately canceled all classes on January 22, 23 and part of January 24 while it rebuilt systems. The intrusion locked roughly 16,000 students and 900 faculty out of the network, taking the Moodle learning platform and campus email offline. A spokesperson called it an "attempted ransomware attack" traced to an IP address outside the country.

Alerts
3
Response
Killed
Injured
Institution
Clackamas Community College
Community College · OR
~16,000 students
Confirmed Timeline

Alert Sequence

3 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTWebsite
Approximate reconstruction309 chars
Clackamas Community College is experiencing a significant cybersecurity incident affecting our network systems. Out of an abundance of caution, we have taken systems offline while we investigate. Email, Moodle and other online services may be unavailable. Watch this page and your alternate email for updates.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed wording: the college's first public message framed the event as a 'significant cybersecurity incident' before the word 'ransomware' was used by a spokesperson, matching CCC President Tim Cook's quoted characterization.
The notice could not point students to email because email itself was down, which is why coverage emphasized the website and alternate channels.
UPDATEWebsite
Approximate reconstruction294 chars
UPDATE: All classes, both in-person and online, are canceled Monday, Jan. 22 and Tuesday, Jan. 23 as we continue to recover from the cybersecurity incident. Campus offices remain closed to the public. We appreciate your patience as our IT team works around the clock to safely restore services.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: local outlets reported the college canceled all classes on January 22 and 23, then extended into January 24, so the closure stretched beyond the initially announced two days.
Both in-person and online classes were canceled because the Moodle learning platform itself was offline, an unusual situation where a cyber incident closes physical campuses too.
UPDATEWebsite
Approximate reconstruction277 chars
Classes will resume Thursday, Jan. 25. Email and some platforms used for assignments are coming back online, though you may still experience disruptions and slow logins as we continue restoration. Please reset your password when prompted and report any issues to the Help Desk.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

Reconstructed: reporting said students returned Thursday and regained access to email and some assignment platforms while continuing to experience disruptions.
This message is an operational resumption notice rather than an all-clear; it explicitly warns that services were still degraded.
Context

Background

Clackamas Community College, a roughly 16,000-student two-year college in Oregon City, Oregon, detected an intrusion into its network servers in the early hours of January 19, 2024, with IT employees receiving emergency notifications about the attack overnight. The incident knocked out the Moodle learning management system and campus email and ultimately forced the cancellation of all in-person and online classes on January 22, 23 and part of January 24, according to KOIN and KPTV. College President Tim Cook described it as a "significant cybersecurity incident" and a spokesperson called it an "attempted ransomware attack" with an originating IP address located outside the United States. The event occurred the same week as a separate cyberattack on Kansas State University, underscoring a January 2024 cluster of higher-education ransomware activity. Because email was among the disabled systems, the college relied on its public website to push closure notices to students who could no longer log in.
Analysis

Key Findings

A cyber incident, not a physical hazard, closed an entire community college's in-person and online operations for multiple days
Email being offline forced the college to communicate closures through its public website rather than its normal notification channels
The closure extended beyond the initially announced two days, illustrating how cyber-recovery timelines are hard to predict
The attack was part of a January 2024 cluster of higher-ed ransomware incidents that also hit Kansas State University
Outcome
Classes were canceled Monday through midweek; students returned Thursday, January 25 with some platforms still degraded. The college engaged outside forensic experts and law enforcement; no ransom payment was reported and no ransomware group publicly claimed the attack.
Provenance

Sources

  1. News
    Clackamas Community College cancels classes over cybersecurity incident - KOIN
    koin.com
  2. News
    Clackamas Community College cancels classes after cybersecurity breach - KPTV
    kptv.com
  3. News
    Clackamas Community College recovering after 'ransomware attack' - KGW
    kgw.com
  4. Student Paper
    Cyber attack causes college to cancel classes - The Clackamas Print
    theclackamasprint.net
  5. News
    Kansas State, Clackamas Community College respond to cyberattacks - The Record
    therecord.media
Tags
cyberattackransomwarecommunity-collegeoregonmoodleclass-cancellationadvisory
Added May 2026Updated May 2026Via ingestion