On Friday, September 30th, 2022, HPNM was first to report that William Carey University was under a ransomware cyber attack. The following Saturday, William Carey President Dr. Ben Burnett issued a statement on their website. The official statement reads as follows.
“On Friday morning, William Carey University experienced an incident that resulted in a system outage that impacted our email and website. Immediately upon learning of the incident, our IT department sprang into action, including shutting down the campus networks temporarily in order to contain the disruption.
As a result of their around-the-clock efforts, our affected operations are being restored. Students and faculty now have access to their email and online courses, and Canvas remains operational. We anticipate being open and operational when classes resume on Monday, and academic advising for the winter trimester will commence next week as scheduled.
At this time, we are working closely with a team of external cybersecurity experts to investigate the situation. William Carey University takes the security of its networks seriously.”
[End of statement]
WCU is not alone in their cyber breach. Cyber attacks against the educational industry are on the rise. An article from Arstechnica.com by Dan Gooden, was published, which cited Brett Callow, a leading threat analyst and cybersecurity expert. Callow is quoted about the rising ransomware attacks against educational institutions.
“Already this year, 27 school districts with 1,735 schools among them have been hacked in ransomware incidents, Brett Callow, a threat analyst with security firm Emsisoft, said.”
According to the article, a primary culprit with many of the 2022 ransomware attacks in the educational sector is a group of Russian-speaking hackers called “Vice Society.” VS targets systems that have not patched specific security flaws on the network. The article states that the group,
“use[s] critical unpatched vulnerabilities in VPN devices from SonicWall and the Windows zero-day known as PrintNightmare as an initial entry point into companies it has targeted. Patches for these vulnerabilities have since been released.”
Callow also states that, “[Vice Society] specializes in human-operated ransomware attacks, as opposed to automated attack techniques favored by many of its peers.”
Callow Tweeted about the WCU cyber attack.
William Carey University has experienced a #ransomware incident. Whether data was stolen is not clear. 1/3https://t.co/VAqrhsXU5C
— Brett Callow (@BrettCallow) October 3, 2022
A Vice.com article, (no connection with Vice Society) also reported on the ransomware attacks by the Russian-speaking group Vice Society against the Victor Central School District in New York, Sierra College, and the Los Angeles Unified School District (LAUSD). Vice reported,
“The ransomware attacks did not impact all schools the same way. For example, when hackers infected the systems of Victor Central School District in New York, they did force the school to close, but several of the school’s systems were not impacted because they were hosted on cloud-based systems, and other systems were backed up and so relatively easy to restore, according to internal emails.”
The Vice article also stated,
“It took more than two weeks for Sierra College to clean up the damage and have most of its systems back up and running. In the meantime, school officials sent regular emails updating staff about the progress in remediating the attack. Instead of paying the ransom, the school decided to replace the encrypted hard drives, ordering 300 new hard drives for a total of $18,667.94, according to the emails.”
The Los Angeles Unified School District (LAUSD) hasn’t been so lucky against Vice Society’s attack. According to the LA Times, in an article published this past Friday, LAUSD superintendent Alberto Carvalho told media in response to Vice Society’s demands,
“What I can tell you is that the demand—any demand—would be absurd,” Carvalho went on to say “But this level of demand was, quite frankly, insulting. And we’re not about to enter into negotiations with that type of entity.”
In their recent article, ArsTechnica predicted the outcome from the LAUSD statement,
“Friday’s LAUSD statement warned employees and families that the group was likely to respond by releasing breached data publicly.”
ArsTecnica went on to report,
“Over the weekend, that’s precisely what Vice Society did on its name-and-shame site. The haul, which researchers from security firm Checkpoint said included more than 284,000 files, contains a wide variety of documents, images, and other documentation. One video purports to be part of an incident report and appears to show district personnel monitoring a video feed and responding to other staff members over a two-way radio. Other documents list the names, Social Security numbers, attendance records, unredacted passports, and other sensitive information of school employees and contractors.”
William Carey appears to be on the fortunate side, if there is such a thing, of the hacking spectrum, as most of their systems appear to have been hosted with 3rd party cloud services and are currently operational. It is unclear at this time if there was a breach in sensitive student or faculty data. As more details are available, they will be reported.