Lewis & Clark College in Portland, Oregon, was hit by a cyberattack that has been claimed by Vice Society, a ransomware gang that has attacked K-12 schools and colleges over the last year. The attack resulted in the exposure of sensitive information, including social security numbers and passports.
The college did not respond to requests for comment about whether a ransom was demanded or will be paid.
Following the attack, the college sent several urgent messages on social media and on its website notifying students and employees that several of its systems were down. The outages lasted until March 7, and the school released a notice explaining that it “experienced an IT security incident which negatively impacted systems and services across” its campuses.
Vice Society has been ruthlessly attacking grade schools, colleges, and universities, publishing the mental health records of thousands of Los Angeles K-12 students after an attack last year and most recently taking credit for an attack on the United Kingdom’s Tanbridge House School.
The group continues to leak troves of sensitive data onto the dark web from students of all ages. Emsisoft ransomware expert Brett Callow said attacks on the education sector do not appear to be slowing down. He noted that a near-identical number of US schools have been impacted by ransomware every year since 2019.
Allan Liska, senior security architect at cybersecurity firm Recorded Future, said that through the end of March, there have been 49 publicly reported ransomware attacks against schools. He also noted that Vice Society accounted for nearly 20% of all attacks on educational institutions this year.
Liska predicted that if trends hold, 2023 will likely surpass 2022 in terms of the number of ransomware attacks against schools.
