CINCINNATI, Ohio — The Vice Society ransomware group has claimed responsibility for a cyberattack at Cincinnati State Technical and Community College.
The hackers posted a list of documents on their leak site that they claim was stolen from the college after it refused to pay a ransom, reports CyberSecure. The documents, which contain personally identifiable information, date back several years ago through Nov. 24, 2022, suggesting the threat actors still have access to the compromised systems.
Earlier this month, the school informed its 10,000 students and 1,000 employees that it suffered a cybersecurity attack, warning that online services and restoration to regular operations would take time. As of Tuesday, officials said the school had restored on-campus networks and email, partial internet access, and classroom computers. Voicemail, network printing, VPN access, network and intranet shared drives are all unavailable. Some online applications and registration portals are also offline.
Following the attack, the college posted FAQs for current and new students and staff to help guide them on how to interact with administration until systems return to normal operations. It includes information such as how to register for classes, how to apply to the school, and how to pay tuition bills.
A recent report from Microsoft warned Vice Society is heavily targeting the education sector, preying on organizations that have weak security controls and a higher likelihood of compromise and ransom payout. The report determined the group has used multiple ransomware families in attacks against K-12 schools and colleges and universities, including BlackCat, QuantumLocker, Zeppelin, RedAlert, and HelloKitty.
In September, the FBI and the federal Cybersecurity and Infrastructure Security Agency (CISA) also warned about Vice Society’s focus on schools and universities. The day prior, the group attacked the Los Angeles Unified School District (LAUSD), the second-largest district in the U.S. The hackers leaked stolen data the day after the superintendent said he would not negotiate or pay a ransom.
The release of data came two days earlier than the deadline set by Vice Society, which originally targeted the district over Labor Day weekend and claimed to have stolen 500 gigabytes of data.