The Vice Society ransomware operation has claimed responsibility for a cyberattack on Cincinnati State Technical and Community College, with threat actors now leaking data believed to have been stolen in the attack.

The hackers have published a long list of documents on their Tor data leak site that they claim were stolen from the college, indicating that a ransom was never paid.

The documents date from several years ago until November 24, 2022, possibly indicating that threat actors maintain access to hacked systems, but this has not been verified.

All materials on the Vice Society site have been made freely available to visitors and contain PII (Personally Identifiable Information) in the disclosed files.

Restoration of operations

Cincinnati State College informed its 10,000 students and 1,000 staff that they suffered a cybersecurity incident earlier this month, warning that online services and restoring regular operations will take time.

The Last update on the cyberattack came on Tuesday this week, announcing the restoration of campus networks and email, partial internet access and classroom computers.

However, voicemail, network printing, VPN access, network and intranet shared drives are unavailable, while a range of online applications and check-in portals are also offline.

The college has released an FAQ for employees, current students and new students, guiding them on how to interact with the administration until systems return to normal operation.

However, there are not workarounds for all services, so the disruption caused by the cyberattack remains significant for the college.

Vice Society vs Education

Vice Society has a long history of targeting educational institutions ranging from K-12 school districts to universities.

A new report from Microsoft recently observed Vice Society using several ransomware families in attacks against the education sector, including BlackCat, QuantumLocker, Zeppelin and RedAlert.

In addition to these families, BleepingComputer has also seen Vice Society deploy HelloKitty ransomware in attacks.

In September, the The FBI Warned about Vice Society’s focus on schools and universities after seeing the threat group disproportionately target the education sector.

A notable victim of the Vice Society in the education sector is the Los Angeles Unified (LAUSD), the second largest school district in the United States.

The threatening group has also targeted educational institutions in other countries, such as the Medical University of Innsbruck in Austria.