The Vice Society ransomware gang claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to rebuild its IT infrastructure, a process that is still ongoing.

The threat actors also leaked files they claim stole from the university during the network breach, exposing potentially sensitive details about the university’s operations, students and staff.

The UDE has since confirmed they were aware the threat actors released the stolen data and said they will not pay a ransom.

“After the cyberattack on the University of Duisburg-Essen (UDE) at the end of November, the criminal group responsible for it has now published data on the Darknet,” the UDE said in a statement. statement.

“The university did not comply with the attackers’ demands and did not pay a ransom.”

BleepingComputer reviewed some of the leaked files and discovered that they included backup archives, financial documents, research papers and student spreadsheets. Although they appear to be genuine, we have no way of confirming their authenticity.

The Vice Society’s attack on the University of Duisburg-Essen continues the ransomware operation’s continued targeting of the education sector.

In 2022, the ransomware gang attacked the Cincinnati State Technical and Community Collegethem Medical University of Innsbruckand the Los Angeles Unified school district.

These attacks led the FBI, CISA and MS-ISAC to publish a joint notice warning that the ransomware gang is increasingly targeting US school districts.

Reconstruction of the IT infrastructure of the UDE

The cyberattack was disclosed by UDE on November 28, 2022, causing the university to shut down all messaging, communications, and computer systems until further notice. The university also canceled exams scheduled just before the Christmas holidays.

As of December 07, 2022, UDE IT specialists had handed over several basic systems to a functional state. In addition, on December 22, 2022, a large Reset password actions for the e-learning platform reaching 40,000 people have been taken.

However, the UDE was still far from having returned to normal operation.

On January 9, 2023, UDE informed students and staff that due to the extensive damage caused by the cyberattack and the complex pattern of that damage, the only way to restore all systems would be to rebuild the entire IT infrastructure.

UDE explained that the cyberattack affected 1,200 servers and compromised the central authorization system, so it would be impossible to restore all of them.

As for the impact of the (alleged) Vice Society attack on UDE, the university has 43,000 students, 4,000 academic staff and 1,500 administrative staff. It is considered the best German university in the field of physics.

In a 2019 interview, UDE CISO Marius Mertens discussed successfully mitigating a ransomware attack. He underlined the importance of the university’s supercomputer, which ranks among the top 500 in Europe, and explained that the interruption of its operations would lead to significant financial losses.

“A downtime would incur huge costs when converted to the cost of lost CPU hours. For example, losing CPU hours for a week would cost us $75,000.” explained Martens.