Vice Society, a ransomware group that surfaced in 2021, has emerged as a persistent threat to the education sector in 2022. According to a report by Palo Alto Networks' Unit 42, the group has targeted at least 33 educational institutions this year, the majority of them in the U.S.
Education sector attacks
According to CISA and Microsoft, Vice Society ransomware has been disproportionately targeting K-12 schools and higher education institutions.
Researchers say hackers could be timing their campaigns to coincide with this sector's unique calendar year, specifically the transition period between the beginning and end of the school year.
Other industry verticals it targets include healthcare, NGOs, government organizations, and manufacturing.
Overall, the group has impacted more than 100 organizations in different sectors since it started its operations.
The ransomware has the largest number of victims in the U.S., followed by the U.K., Spain, France, Brazil, Germany, and Spain.
Unlike other ransomware groups, Vice Society does not follow the ransomware-as-a-service (RaaS) business model.
Instead, the group uses pre-existing ransomware families such as HelloKitty and Zeppelin to extort victims.
Both ransomware families are used as primary payloads by Vice Society affiliates in their infection chain.
Ransomware attacks on the education sector persist
Throughout November, the education sector witnessed persistent attacks by Hive ransomware.
At least five attacks were reported against K-12 schools and universities, of which two leaked the stolen information.
One of these attacks was launched against Guilford College in North Carolina, in which the attackers stole sensitive data belonging to students, faculty, and staff.
What to infer?
Vice Society's attacks on educational institutions serve as a warning that the group has shaped its tactics and techniques around the school year in the U.S. Schools and colleges are encouraged to implement the recommendations from CISA and the FBI to stay safe.