University suffers leaks, shutdowns at the hands of Vice Society

The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware laden hands up and admitted an attack on the University of Duisberg-Essen. Sadly this isn’t the University’s first encounter with ransomware attacks, though it has proven to perhaps be its worst, given reports of leaks and changes to its IT infrastructure.

Ransomware and a destroyed network

When word spread of the attack back in November, it essentially shuttered the university’s entire network and removed it from the internet. Essential functionality such as email and telephone were entirely non-functional. “Large parts” of the servers were encrypted, alongside the usual ransom demands.

At the time, there was no word as to who did it. This has all changed now, with the leaking of files onto the dark web. A statement from the University mentions that it refused to pay the ransom, not wanting to support criminal offences or contribute to ransomware authors doing it to someone else next time. The University will also be contacting people and institutions affected by the data leak.

The shattering impact of a ransomware outbreak

The data appeared on the Vice Society leak page, which comes complete with pages “for journalists”, “for victims”, and even a blog. A short biography of the University sits above a “View Documents” link. Bleeping Computer says it found “financial documents, research papers, student spreadsheets”, and also backup documents.

Though it’s not possible for anyone but the University itself to confirm the legitimacy of these claims and files, on the surface it doesn’t sound very good. Vice Society has been targeting education for some time now, with an ever growing number of schools and learning resources being massively impacted by the attacks.

The UDE attack alone broke the University’s IT in half at the end of November, bringing portions of the network back online in a way that was so unsatisfactory that the whole thing had to be rebuilt from the ground up a week or so into the start of January.

This is, of course, potentially devastating for educators who can no longer teach effectively, and students themselves who can no longer learn without additional hurdles to jump. Not all education sectors have the ability to teach remotely or even provide learning materials away from the classroom. If this disruption spills into test time or revision periods, things can quickly become a bit of a nightmare all round.

Stop ransomware

Keeping ransomware at bay

It’s not easy to fend off a determined ransomware attack, especially from an experienced group or someone making use of professional Ransomware as a Service (RaaS) tools. However, there are many ways to reduce the attacker’s window of opportunity.

  • Plan your emergency response. Who is responsible for what, and which data needs removing from the network as fast as possible?
  • Lock down your Remote Desktop Protocol. Weak passwords, no 2FA, and no limit on how many times someone can try to login spells disaster.
  • Backup your data. Keep it away from the network, and test the backups on a regular basis.
  • Update your devices and your security tools, and run regular security scans across the network.

Stay safe out there!

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.