Vice Society ransomware gang claims attack on one of Germany’s largest universities
The Vice Society ransomware group said it was responsible for a November attack against one of Germany’s largest universities.
The University of Duisburg-Essen in the country’s North Rhine-Westphalia region was forced to shut down its entire IT infrastructure and disconnect it from the network following the incident. The university has 12 departments and about 43,000 students.
Hackers managed to obtain some of the university's data and put it on the dark web, according to a statement released by the university on Monday. The leaked data allegedly contains financial documents, student information and research papers.
At the time of publication, the university had not responded to The Record's request for comment.
The University of Duisburg-Essen did not name Vice Society as the perpetrator of the cyberattack, but the group itself listed the university as one of its victims.
Vice Society has listed the University of Duisburg-Essen. #ransomware pic.twitter.com/aLdLPsF1Js
— Brett Callow (@BrettCallow) January 16, 2023
The university said the reason its data was leaked was that it refused to comply with the attackers' demands and did not pay the ransom.
“The University of Duisburg-Essen does not agree to their digital blackmail and does not support criminal offenses,” the university said.
To reduce the impact of publishing university data on the dark web, the UDE said it is working closely with the responsible security and investigative authorities.
Together with local data protection experts, the university is analyzing the published data and said that if people or institutions are affected by this breach, "they will be informed as soon as possible."
The university has reason to worry about the data breach. In the latest attack, cybercriminals hacked its internal system and encrypted a large part of it. The attack disabled the university's Microsoft Office applications, internal administration systems, email and telephone systems.
The university began to restore its systems in December, for example, but the process is still ongoing, it said.
Even weeks after the initial breach, hackers continued to attack some of the university's services. "We want to be back to normal by the summer semester," said UDE's chancellor Jens Andreas Meinen.
Educational institutions are popular targets for Vice Society hackers, according to a Microsoft report published in October.
The group is believed to be behind the cyberattacks on the Cincinnati State Technical and Community College, the Medical University of Innsbruck, and the Los Angeles Unified School District.
Vice Society typically exploits vulnerable web-facing applications and uses valid accounts to gain initial access to the compromised networks.
After deploying ransomware, hackers demand an extortion payment, threatening to leak stolen data on its website on the dark web.
Microsoft observed that the group also makes an effort to ensure that an organization cannot recover from the attack without paying the ransom.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.