If you purchase via links on our site, we may receive affiliate commissions.

US college fights to weather storm in wake of cyberattack

Updated on: 10 November 2022

Damien Black
Senior Journalist

Ransomware Vice Society — By Shutterstock

Hartnell College in California continues to suffer disruption to its systems following a breach by a ransomware gang last month.

“Hartnell College continues to work on the network interruption,” it said in a statement on its website updated yesterday. “We will continue to update our campus community often as we learn more.”

Hartnell College was allegedly hit by notorious Vice Society – a ransomware gang that has been after the education sector, particularly in the US.

It added that its phone and email systems continue to be affected and urged all students to reset their passwords and adopt single sign-on to enroll in classes. It has also supplied alternative contact numbers and email addresses while it works to fix the breach.

The ransom-related hack compromised 2,000 devices connected to Hartnell’s systems, including 300 laptops – growing evidence of the increased attack surface the internet of things (IoT) gives to cybercriminals.

Universities are an increasingly popular choice of target for ransomware gangs, with the venerable Lincoln College forced out of business by a cyberattack earlier this year.

Hartnell college claimed as victim — Screenshot by Cybernews

Vice Society at large

According to Microsoft, Vice Society exploit publicly known vulnerabilities, relies on tools such as PowerShell scripts, and repurposes legitimate tools.

Vice Society uses custom PowerShell scripts, commodity tools, exploits for disclosed vulnerabilities, and native Windows binaries to gain an initial foothold in compromised networks.

After deploying ransomware, the gang demands a ransom, threatening to leak the collected information on its site. Sometimes it simply exfiltrates data and dwells within compromised networks, hoping this would be enough to extort money from victims.

The gang has been observed deploying several ransomware payloads, including BlackCat, QuantumLocker, and Zeppelin.