The Vice Society ransomware gang has claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to reconstruct its IT infrastructure, a process that’s still ongoing.
The threat actors have also leaked files they claim to have stolen from the university during the network breach, exposing potentially sensitive details about the university’s operations, students, and personnel.
UDE has since confirmed that they are aware the threat actors published the stolen data and said that they will not be paying a ransom.
“After the cyber attack on the University of Duisburg-Essen (UDE) at the end of November, the criminal group responsible for it has now published data on the Darknet,” UDE said in a statement.
“The university had not complied with the attackers’ demands and had not paid a ransom.”
BleepingComputer has reviewed some of the leaked files and found they include backup archives, financial documents, research papers, and student spreadsheets. While they appear to be genuine, we have no way to confirm their authenticity.
Vice Society’s attack on the University of Duisburg-Essen continues the ransomware operation’s continued targeting of the education sector.
In 2022, the ransomware gang attacked the Cincinnati State Technical and Community College, the Medical University of Innsbruck, and the Los Angeles Unified school district.
These attacks led the FBI, CISA, and MS-ISAC to release a joint advisory warning that the ransomware gang is increasingly targeting U.S. school districts.
Rebuilding UDE’s IT infrastructure
The cyberattack was disclosed by UDE on November 28th, 2022, forcing the university to shut down all email, communications, and IT systems until further notice. The university also canceled the planned exams right before the Christmas holiday.
By December 07th, 2022, UDE’s IT specialists had returned several core systems to a functional state. In addition, on December 22nd, 2022, a widespread password reset action for the online learning platform affecting 40,000 people was taken.
However, UDE was still far from returning to normal operations.
On January 9th, 2023, UDE informed students and personnel that due to the extensive damage caused by the cyberattack, and the complex pattern of this damage, the only way to restore all systems would be to reconstruct the entire IT infrastructure.
UDE explained that the cyberattack had impacted 1,200 servers and compromised the central authorization system, so restoring all these would be impractical.
As for the impact of the (claimed) Vice Society attack on UDE, the university has 43,000 students, 4,000 academic staff, and 1,500 administrative staff. It is considered the top German university in the physics field.
In a 2019 interview, the CISO of UDE, Marius Mertens, discussed the successful mitigation of a ransomware attack. He highlighted the importance of the university’s supercomputer, which ranked among the top 500 in Europe, and explained that disruption to its operations would result in significant financial losses.
“A downtime would entail huge costs when converted to the price tag of the lost CPU hours. For example, losing CPU hours for one week would cost us €75,000,” explained Martens.