The Vice Society ransomware group has been increasingly targeting U.S. school districts. Additional attacks are anticipated once the new school year begins, according to today’s warning from the FBI, CISA, and MS-ISAC.

“The FBI, CISA, and the MS-ISAC have observed Vice Society actors disproportionately targeting the education sector with ransomware attacks,” today’s joint advisory reads.

As the 2022–2023 school year has started, they “expect attacks may grow and criminal ransomware groups perceive prospects for effective attacks.”

The joint advisory also gives network defenders Vice Society indicators of compromise (IOCs) and the tactics, techniques, and procedures (TTPs) that the FBI identified in the September 2022 attacks.

The advisory also states that, in order to lessen the likelihood and effects of ransomware incidents, the FBI, CISA, and the MS-ISAC encourage companies to implement the recommendations in the Mitigations portion of the CSA.

Attacks on the education sector, which primarily target kindergarten through twelfth grade (K-12) institutions, have a significant negative impact on how institutions run their operations. These impacts range from limited access to networks and data, postponed exams, and canceled school days to theft of student and staff personal information.

Los Angeles Unified (LAUSD), the second-largest school district in the United States, revealed one such incident today, after a ransomware attack shut down some of its Information Technology (IT) systems over the weekend. LAUSD hasn’t yet linked the attack to a specific ransomware gang.

Victims asked to share attack details with the FBI

To prevent ransomware attacks and lessen their effects, network defenders should take certain precautions. These include prioritizing and fixing known exploited vulnerabilities, teaching users to spot and report phishing attempts that can serve as initial attack vectors, and enabling and enforcing multifactor authentication.

Additionally, the FBI requested logs and other data related to the attacks from the victims.

The federal law enforcement agency sought any information that could be shared, including boundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with Vice Society actors, information about Bitcoin wallets, decryptor files, and/or a benign sample of an encrypted file.

Vice Society deploys multiple ransomware strains on their victims’ networks, such as Hello Kitty/Five Hands and Zeppelin ransomware.

Additionally, they take confidential information from vulnerable systems before encryption and use it for double extortion, threatening to release the information if their ransom demand is not met.

The Austrian Medical University of Innsbruck is one of the group’s most recent victims. After a significant IT service disruption, and with the data taken in the attack posted on the gang’s data leak site, the university is ready to reset all 3,400 students’ and 2,200 workers’ account passwords.

Emsisoft threat analyst Brett Callow said that ransomware attacks had disrupted education at 1,000 universities, colleges, and schools during 2021.

In November, U.S. Senators Maggie Hassan, Kyrsten Sinema, Jacky Rosen, and Chris Van Hollen urged the U.S. Department of Education and the Department of Homeland Security (DHS) to strengthen cybersecurity protections at K-12 schools to keep up with this massive wave of attacks.
