The Vice Society ransomware gang actively claimed responsibility for a cyberattack on the University of Duisburg-Essen (UDE) in November 2022. This attack forced UDE to actively reconstruct its IT infrastructure, a process that is still ongoing. The threat actors also leaked files they claim to have stolen from the university. This incident took place during the network breach, exposing potentially sensitive details about UDE’s operations, students, and personnel. UDE has since confirmed that they are aware that the threat actors actively published the stolen data. They also said that they will not be paying a ransom. In a statement, UDE said, “After the cyber attack on the University of Duisburg-Essen (UDE) at the end of November, the criminal group responsible for it has now actively published data on the Darknet.”

Report on ransomware

The University of Duisburg-Essen actively resisted the demands of the attackers and refused to pay a ransom. As a result, the Vice Society ransomware operation targeted the education sector and leaked files, including backup archives, financial documents, research papers, and student spreadsheets. Experts have reviewed these files and determined that they appear to be genuine.

This attack on the University of Duisburg-Essen is not an isolated incident. The Vice Society ransomware operation has previously targeted the Cincinnati State Technical and Community College, the Medical University of Innsbruck, and the Los Angeles Unified school district in 2022.

In response to these attacks, the FBI, CISA, and MS-ISAC have issued a joint advisory warning that the Vice Society ransomware operation is increasingly targeting U.S. school districts.

Rebuilding IT infrastructure

On November 28th, 2022, UDE revealed a devastating cyberattack, which resulted in the immediate shutdown of all email, communication, and IT systems. In response, the university also canceled all planned exams right before the Christmas holiday. Despite the setback, UDE’s IT specialists worked diligently to restore several core systems to a functional state by December 07th, 2022. On December 22nd, 2022, UDE took a widespread password reset action for the online learning platform, affecting 40,000 people.

However, the situation was far from returning to normal operations. On January 9th, 2023, UDE informed students and personnel that due to the extensive damage caused by the cyberattack, and the complex pattern of this damage, the only way to fully restore all systems would be to reconstruct the entire IT infrastructure. UDE explained that the cyberattack had impacted 1,200 servers. It has compromised the central authorization system, making it impractical to restore all of them. This process would be time-consuming and required significant resources. It was the only way to ensure the security and integrity of the university’s systems.

The University of Duisburg-Essen (UDE) is a leading German institution, with 43,000 students, 4,000 academic staff, and 1,500 administrative staff. It is particularly renowned in the field of physics. Recently, the university faced a claimed attack by the Vice Society. However, the Chief Information Security Officer (CISO) of UDE, Marius Mertens, reported that the attack was successfully mitigated.

In a 2019 interview, Mertens emphasized the crucial role that the university’s supercomputer played in preventing significant financial losses. The supercomputer, which ranked among the top 500 in Europe, is a valuable asset for the university. Mertens explained that any disruption to its operations would result in a significant financial loss. He stated, “A downtime would entail huge costs when converted to the price tag of the lost CPU hours. For example, losing CPU hours for one week would cost us €75,000.” This highlights the importance of having strong security measures in place to protect a university’s valuable assets.