Cincinnati State College one of several schools added to ransomware leak sites on Thanksgiving

Cincinnati State College was one of several small U.S. colleges added to the leak sites of ransomware groups over the Thanksgiving holiday, continuing a trend of educational institutions being targeted by hackers. 

On Tuesday, the school said it is still investigating a cybersecurity incident that occurred in early November and that it is making “progress towards restoring many systems and services.”

Classes have been able to continue online and at all of the school’s physical campuses. Email services are now operational but IT systems are taking longer to be restored, causing “many of the College’s online services to remain offline.”

“For example, college employees, including instructors, cannot currently receive voicemail,” the school said. 

As of Friday, the school said that financial aid services, network printing, VPN tools, department share drives, admission application platforms, transcript exchanges, grading tools and more were all still down. 

Access to campus internet and classroom computers have been restored, however. 

The school did not provide a timeline for when services will be fully returned to normal and did not respond to requests for comment. 

Cincinnati State College provided a lengthy FAQ and "how-to" guide instructing current and prospective students as well as faculty members on ways to get around the outages.

On Thanksgiving, the Vice Society ransomware group added the school to its list of victims. The group has has been spotlighted by both the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) for focusing its attacks on K-12 schools as well as colleges across the U.S.

The Vice Society gang has attacked dozens of schools across the country, including a headline-grabbing attack on the largest school district in Los Angeles in September.

The FBI, CISA and other agencies noted in an alert in September that Vice Society has stepped up its level of attacks this fall. 

Emsisoft threat analyst Brett Callow — a ransomware expert tracking attacks on school districts — previously said Vice Society has attacked at least eight other U.S. educational institutions so far this year.

Vice Society claims to have attacked the School District of Elmbrook in Wisconsin, Sierra College in California, Linn-Mar School District in Iowa, and Grand Valley State University in Michigan. 

The group has been active since at least June 2021, and its latest attacks between July and October of this year have “heavily impacted the education sector,” according to a report from Microsoft last month. 

“Groups are opportunistic and make a buck whenever and wherever they can, with no preference for any particular sector,” Callow said. “Vice Society is the only group I can think of that does seem to have a preference.”

In addition to Cincinnati State College, the Hive ransomware group added Guilford College in Greensboro, North Carolina to its list of victims and the BianLian gang added Centura College in Virginia. Neither school responded to requests for comment. 

Dozens of colleges and universities have been attacked by ransomware groups this year, including North Idaho College on November 3. Callow said at least 35 colleges and universities in the U.S. have been hit this year, with at least 24 of them having had data exfiltrated and released online.

Savannah College of Art and Design was attacked in September while the 12,500-student College of the Desert was hit with a cyberattack in July. Austin Peay State University sent out urgent messages to students and faculty in April warning of a ransomware attack affecting the school’s systems. North Carolina A&T UniversityFlorida International University, and Stratford University are just a few of the other U.S. schools attacked with ransomware this year.

The FBI said in May that Russian cybercrime forums are teeming with the network credentials and virtual private network accesses of employees from U.S. colleges and universities. 

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.