The University of Duisburg-Essen (UDE) recently became the victim of a cyber attack, which it is still struggling with. It is now clear that the ViceSociety group is blackmailing the UDE, but that they are not paying the ransom. Now the data is available on the Darknet for everyone.
Immediately after the attack was discovered, the university shut down the entire IT infrastructure and disconnected it from the network. Only a small part of the data got into the hands of the criminal organization. The uni states “Data protection and the protection of personal data have top priority for the UDE. All security measures at the UDE are therefore based on the standards of the Federal Office for Information Security (BSI) and the IT baseline protection methodology of the BSI. In order to ensure these specifications, the UDE experts are also supported by companies specializing in this."
Data is already on the dark web
🔎 The ViceSociety dark web page calls its victims “partners” (Image: B2B-CS).
“The fact that the attackers nevertheless managed to withdraw data and make ransom demands once again illustrates the highly professional approach and criminal energy of the organization. Nevertheless, the University of Duisburg-Essen does not agree to their digital blackmail and does not support criminal offenses. The Federal Criminal Police Office (BKA) and the Federal Office for Information Security (BSI) recommend this.” Since the university did not pay the ransom, some data ended up on the dark web. The file list contains names such as Secretariat, Forms, Advertisements, Personal PC, Rectorate and many subdirectories with personal names. The UDE and the experts want to evaluate this data and inform all affected persons.
Who is the ViceSociety group?
According to the APT group ViceSociety, it has only been active since January 2021 and has specialized in ransomware. The group claims to have formed from former pentesters. The list of attacked companies published by ViceSociety actually only contains English-speaking victims – most of them from the USA. Ironically, the group calls all victims "Partners" on its page. The university provides information on its website about your reboot program and the steps currently running. The refurbishment will take the university months.
More at Uni-Due.org