GREENSBORO, N.C. (WNCN) – Universities across the country are being hit by ransomware attacks that shut down facilities, steal people’s personal data and make them pay to start using their systems again.

Since the start of the year, seven universities around the country have been targeted by ransomware attacks with the latest happening in our backyard at N.C. A&T.

The perpetrators taking credit for this call themselves “The Black Cat Ransomware Group” which has links to the Colonial Pipeline Ransomware shutdown.

In the case of those victimized, this “black cat” has certainly brought them bad luck.

N.C. A &T was attacked during spring break in March, crippling its online systems.

The university got hit by a ransomware threat,” said Joel Hollenbeck of Check Point Software Technologies. “The most likely avenue to get in was through phishing emails.”

Cyber security experts like Hollenbeck say schools are good targets because their networks are more open and more vulnerable to threats.

In N.C. A &T’s case, Hollenbeck says hackers posted a claim on their website saying they got personal information including social security numbers, contracts, financial information, email databases and more.

When Consumer Investigator Steve Sbraccia asked the school about the claims, spokeswoman Jackie Torok denied that, saying multiple investigations “showed no current faculty, staff or student data were affected.”

“Most of the time, victims of ransomware will initially deny breaches of personally identifiable information or anything sensitive because they don’t have the evidence upfront,” said Hollenbeck.

If you are connected to the school, he advises not to wait for signs of online trouble.

“They should start looking at credit reports, change all passwords for every service they use, enable multi-factor authentication where possible, and monitor bank account activity,” said Hollenbeck.

Sbraccia also asked the school if it paid the ransom.

It avoided answering that question in its email. However, in many cases that’s exactly what happens said Hollenbeck because insurance companies holding cyber insurance policies demand it.

Hollenbeck said the insurance companies tend to pay off because “it’s cheaper than the restoration of the services outside of paying the ransom.”

Meanwhile, we do know that five weeks after the attack the school does not have all of its systems back online. In the email from NC A&T, Torok said, they have “restored the majority of our systems.”

She said the school is working to harden its network to prevent future attacks but declined to elaborate for security purposes.