Campus Alert Archive
Howard

Ransomware Forces Howard to Cancel Classes Just Weeks Into Fall Semester

DCinfrastructure failureadvisorymedium confidence
Confirmed Threat

Howard University detected 'unusual activity' on its network on September 3, 2021, and intentionally shut down the system to investigate what was confirmed as a ransomware attack. The university canceled all online and hybrid classes for Tuesday, September 7 and Wednesday, September 8, rendered campus Wi-Fi unusable for days, and engaged federal law enforcement.

Alerts
2
Response
min
Killed
0
Injured
0
Institution
Howard University
Hbcu · DC
~12,000 studentsHU Alert
Confirmed Timeline

Alert Sequence

2 messages in sequence

Some alert texts below are approximate reconstructions from news coverage, not confirmed verbatim transcripts. Reconstructed texts are shown in italic with a dashed border. Verified verbatim texts have a solid border and are marked accordingly.

INITIAL ALERTEmail
Approximate reconstructionThe Hilltop (Howard student newspaper) — quotes from broadcast email subject line 'Ransomware Cyberattack Update'727 chars
Howard University has experienced a ransomware cyberattack. On Friday, September 3rd, our Enterprise Technology Services (ETS) team detected unusual activity on the University's network and intentionally shut it down in order to investigate. Out of an abundance of caution, all classes scheduled for Tuesday, September 7th will be canceled. This includes online, hybrid, and in-person classes. Each stakeholder on our campus must operate with a sense of heightened awareness. Treat emails from unknown senders as suspicious until you know who has sent it. Refrain from clicking links from unverified senders. Do not create new accounts using your Howard email address. We will share additional updates as they become available.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The all-caps phrase 'sense of heightened awareness' became a meme on Howard student social media within hours.
Reconstructed from quotes in The Hilltop and Washington Post — Howard never published the full text in an official archive.
UPDATEEmail
Approximate reconstructionWashington Post coverage paraphrasing the second-day update535 chars
UPDATE: Online and hybrid classes scheduled for Wednesday, September 8 are also canceled. In-person classes, including hands-on courses such as labs and clinicals for nursing students, will resume Wednesday. We have engaged third-party cybersecurity specialists and notified federal law enforcement and the District government. There is currently no evidence that personal information was accessed or exfiltrated. Wi-Fi remains unavailable across campus; we are working to deploy an alternative wireless network as quickly as possible.

This text has been reconstructed from news coverage and may not reflect the exact original wording.

The split decision — keep labs and clinicals running, but kill online classes — reflects the reality that nursing clinicals at Howard University Hospital could not be paused without operational consequences.
Reconstructed from press coverage; Howard has not posted these messages to a public archive.
Context

Background

Howard University, the flagship HBCU in Washington, D.C., was struck by a ransomware attack discovered on Friday, September 3, 2021, just two weeks into the fall semester. ETS staff detected anomalous behavior on the university's network and intentionally severed it to contain the intrusion. The decision to shut down the network — and with it Wi-Fi, learning management systems, and most administrative functions — forced the cancellation of online and hybrid classes for September 7-8, with hands-on courses like nursing clinicals continuing in person. Howard engaged third-party cybersecurity specialists and notified federal law enforcement; there was no evidence at the time that personal data had been exfiltrated. The incident drew national attention because Howard, like many HBCUs, has a smaller IT security budget than peer R1 institutions — a structural disparity that made the recovery longer and more expensive.
Analysis

Key Findings

Detected Friday September 3, 2021; broadcast email to community sent late Monday September 6.
Two days of online and hybrid classes canceled (September 7-8); in-person labs and clinicals continued.
Howard engaged third-party cybersecurity specialists and notified federal law enforcement and DC government.
Campus Wi-Fi remained unusable for days; alternative network deployment took weeks.
Outcome
Classes resumed in phases beginning Friday, September 10, 2021. Howard reported no evidence personal information was exfiltrated. Network restoration took several weeks.
Provenance

Sources

  1. Student Paper
    Howard University is hit with devastating cyberattack — The Hilltop
    thehilltoponline.com
  2. News
    Howard University cancels classes after ransomware attack — TechCrunch
    techcrunch.com
  3. News
    Howard University Partially Reopens After Ransomware Attack — NPR
    npr.org
  4. News
    Howard University cancels online, hybrid classes — Washington Post
    washingtonpost.com
  5. Official
    Responding to the Cyberattack — Howard University President
    president.howard.edu
Tags
ransomwarecyber-attackhbcuinfrastructure-failurenetwork-outagewashington-dc2021
Added May 2026Updated May 2026Via ingestion