The threat actor Vice Society has claimed responsibility for the ransomware attack against the University of Duisburg-Essen (UDE) in November 2022 and has reportedly published some stolen data on the dark web.
UDE made the announcement over the weekend, saying the data publication resulted from the university not complying with the attackers’ ransom demands.
At the same time, the university clarified that all its security measures were based on the Federal Office for Information Security (BSI) standards and the BSI IT baseline protection methodology.
“The fact that the attackers still managed to extract data and make ransom demands once again illustrates the organization’s highly professional approach and criminal intent,” the university said.
UDE added that immediately after the attack was discovered, the university shut down the entire IT infrastructure and disconnected it from the network. Thanks to this, the criminal organization would have only obtained a limited amount of data.
“The published data is currently being evaluated,” explained UDE. “If the breach affects people or institutions, they will be informed as soon as possible.”
According to Raj Samani, SVP chief scientist at Rapid7, it is admirable that UDE did not pay the ransom demanded by Vice Society.
“As well as not paying ransoms, organizations should implement technologies and security controls that don’t just detect potential intrusion or lateral movement but also protect data should the threat not be eliminated earlier, such as [through] the use of file encryption,” Samani told Infosecurity.
This is not Vice Society’s first ransomware attack on the education sector. In 2022, the group targeted the Cincinnati State Technical and Community College, the Medical University of Innsbruck and the Los Angeles Unified School District.
“Education was the most highly targeted vertical when it came to publicly disclosed ransomware attacks in 2022, with Vice Society claiming the majority of those incidents,” explained BlackFog CEO Darren Williams.
“When it came to data exfiltration, over 50% of these incidents involved data exfiltration, although we expect this number to increase as data breaches are reported several months later.”
Vice Society is also believed to be behind a recent leak of confidential data from 14 UK schools.