Heimdal
article featured image

Contents:

The Vice Society gang has been behind a high-profile string of ransomware attacks on schools across the UK and the USA, with the most recently uncovered campaign involving 14 British schools.

Source

Vice Society – A Constant Threat

Vice Society ransomware seemed to favor educational institutions, with 33 schools targeted last year, surpassing other threat actors.

However, the ransomware group did not stop at the education sector, as the Swedish-Dutch furniture manufacturer, IKEA, also made it on the list of victims with data taken from IKEA stores in Morocco and Kuwait making its way to the gang’s data leak site. This is not unheard of when it comes to Vice Society, as 7% of their targets belong to the retail sector. A different example involves the city of Palermo, Italy. In that case, Vice Society ransomware gang claimed to have been behind the attack after posting an entry on their leak site.

Back in September, the FBI warned about Vice Society’s focus on schools and universities after seeing the threat group targeting this sector disproportionately. U.S entities are not the only ones on the cybergang`s hitlist, international educational entities have also fallen victim, one example being the Medical University of Innsbruck in Austria.

The Hack Timeline

The Pates Grammar School attack is believed to have occurred around 28 September, when the administration contacted parents announcing its IT systems and phone lines were down.

On 7 October, the headteacher emailed again, from a newly created Gmail account, to say its systems were “accessed by an unauthorized third party.” Teaching materials, which relied on Microsoft Teams, were also affected, and the school said it had notified the Information Commissioners Office (ICO) and police.

At that time, according to BBC, the headmaster wrote:

There is currently no evidence that data has been stolen or published.

Once again, five days later, another email was sent stating:

Regrettably, it now appears that some of our data was taken by the criminal organization and placed on its dark web site, which is not easily accessible and only available to a limited audience with the technical knowledge and ability to access this specific site. If we learn that any significant data has been affected in this way, you will be informed and provided with guidance and assistance.

Source

On the leak site, one folder contains passport scans for students and parents on school trips as far back as 2011, whereas another marked “contract” includes contractual offers made to staff alongside teaching documents. BBC also reports they have noticed a folder marked as confidential, which consists of documents on the headmaster’s pay as well as student bursary fund beneficiaries.

Other British schools affected by Vice Society have been listed as follows:

  • Carmel College, St Helens
  • Durham Johnston Comprehensive School
  • Frances King School of English, London/Dublin
  • Gateway College, Hamilton, Leicester
  • Holy Family RC + CE College, Heywood
  • Lampton School, Hounslow, London
  • Mossbourne Federation, London
  • Pilton Community College, Barnstaple
  • Samuel Ryder Academy, St Albans
  • School of Oriental and African Studies, London
  • St Paul’s Catholic College, Sunbury-on-Thames
  • Test Valley School, Stockbridge
  • The De Montfort School, Evesham

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Mihaela Popa

COMMUNICATIONS & PR OFFICER

Mihaela is a digital content creator for Heimdal® and the proud owner of an old soul and a curious mind. Passionate to learn and discover more about cybersecurity, she will gladly share her latest finds with you.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE