University suffers leaks, shutdowns at the hands of Vice Society
The Vice Society ransomware gang is back and making some unfortunate waves in the education sector. According to Bleeping Computer, the Society has held their ransomware-laden hands up and admitted an attack on the University of Duisburg-Essen. Sadly, this isn’t the University’s first encounter with ransomware attacks, though it has proven to perhaps be its worst, given reports of leaks and changes to its IT infrastructure.
Ransomware and a destroyed network
When word spread of the attack back in November, it essentially shuttered the university’s entire network and removed it from the internet. Essential functionality such as email and telephone were entirely non-functional. “Large parts” of the servers were encrypted, alongside the usual ransom demands.
At the time, there was no word as to who did it. This has all changed now, with the leaking of files onto the dark web. A statement from the University mentions that it refused to pay the ransom, not wanting to support criminal offences or contribute to ransomware authors doing it to someone else next time. The University will also be contacting people and institutions affected by the data leak.
The shattering impact of a ransomware outbreak
The data appeared on the Vice Society leak page, which comes complete with pages “for journalists”, “for victims”, and even a blog. A short biography of the University sits above a “View Documents” link. Bleeping Computer says it found “financial documents, research papers, student spreadsheets”, and also backup documents.
Though it’s not possible for anyone but the University itself to confirm the legitimacy of these claims and files, on the surface it doesn’t sound very good. Vice Society has been targeting education for some time now, with an ever-growing number of schools and learning resources being massively impacted by the attacks.
The UDE attack alone broke the University’s IT in half at the end of November. Portions of the network were brought back online, but in a way so unsatisfactory that the whole thing had to be rebuilt from the ground up a week or so into the start of January.
This is, of course, potentially devastating for educators who can no longer teach effectively, and students themselves who can no longer learn without additional hurdles to jump. Not all education sectors have the ability to teach remotely or even provide learning materials away from the classroom. If this disruption spills into test time or revision periods, things can quickly become a bit of a nightmare all round.
Keeping ransomware at bay
It’s not easy to fend off a determined ransomware attack, especially from an experienced group or someone making use of professional Ransomware as a Service (RaaS) tools. However, there are many ways to reduce the attacker’s window of opportunity.
- Plan your emergency response. Who is responsible for what, and which data needs removing from the network as fast as possible?
- Lock down your Remote Desktop Protocol. Weak passwords, no 2FA, and no limit on how many times someone can try to log in spell disaster.
- Back up your data. Keep it away from the network, and test the backups on a regular basis.
- Update your devices and your security tools, and run regular security scans across the network.
Stay safe out there!