The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with the threat actors now leaking data allegedly stolen during the attack.
The hackers posted a long list of documents on their Tor data leak site they claim was stolen from the college, indicating that a ransom was never paid.
The documents date from several years ago until November 24, 2022, possibly indicating that the threat actors maintain access to the breached systems, but this has not been verified.
All documents on the Vice Society site have been made freely accessible to visitors and contain PII (personally identifiable information) in the leaked files.
Cincinnati State listed as the most recent victim on the Vice Society site (BleepingComputer)
Cincinnati State college informed its 10,000 students and 1,000 staff members that they suffered a cybersecurity incident earlier in the month, warning that online services and restoration to regular operations will take time.
The latest update on the cyberattack came on Tuesday this week, announcing the restoration of on-campus networks and email, partial internet access, and classroom computers.
However, voicemail, network printing, VPN access, network and intranet shared drives are all unavailable, while a range of online application and registration portals are also offline.
The college has posted FAQs for the employees, current and new students, guiding them on how to interact with the administration until systems return to normal operations.
However, there aren’t workarounds for all services, so the disruption from the cyberattack remains significant for the college.
Vice Society vs. education
Vice Society has a long history of targeting educational institutions ranging from K-12 school districts to universities.
A new report by Microsoft recently observed Vice Society using multiple ransomware families in attacks against the education sector, including BlackCat, QuantumLocker, Zeppelin, and RedAlert.
In addition to these families, BleepingComputer has seen Vice Society deploying the HelloKitty ransomware in attacks as well.
In September, the FBI warned about Vice Society’s focus on schools and universities after seeing the threat group targeting the education sector disproportionately.
A notable Vice Society victim from the education sector is the Los Angeles Unified (LAUSD), the second-largest school district in the United States.
The threat group has also targeted educational institutes in other countries, like the Medical University of Innsbruck in Austria.