Vice Society nabs Lewis & Clark College as latest ransomware victim

The Vice Society ransomware gang claims its latest victim, the prestigious Lewis & Clark College in Portland, Oregon. Now, Lewis & Clark officials say they refuse to pay the gang's ransom demands.

Cybernews confirmed the March 3 breach with Lewis & Clark VP of Communications Lori Friedman, who told us by Friday evening "that the vast majority of our systems are fully operational."

The Cybernews team was also able to check the ransom gang's dark web leak site, where Vice Society has indeed claimed responsibility for the ransomware attack.

Cybersecurity analyst and security researcher Dominic Alvieri first posted about the breach on Twitter Friday, claiming, “the Lewis and Clark College March system outage is now confirmed as a ransomware attack from Vice Society.”

On Friday, the college Executive Council posted a notice about the month-long breach on the school's official website, saying the ransomware attack "significantly impacted almost all IT systems on campus."

"The cybercriminals responsible for the incident now claim to have published a limited amount of Lewis & Clark data on a "dark web" website maintained by the threat actors," the school said. However, they "do not have reliable information about the scope or content of the allegedly published data."

The Council also said they are refusing to pay the ransom demand – which has not been disclosed – on the advice of law enforcement and security experts helping with the case.

The gang’s leak site posted what appears to be a live link tree of the entire college network system, along with three rotating photo albums that continuously flip through a sample of alleged photocopies of student passports.

Lewis & Clark officials put out short statement confirming the small private college was experiencing a “March 2023 system outage” earlier this month without much of an explanation.

Out IT team is working around the clock, along side a team of external experts,to restore services,” the statement read.

The announcement was posted on the Lewis & Clark College official .edu website, but when the Cybernews team checked the .edu website Friday, the entire site was completely offline, returning a ‘403 Forbidden’ response instead.

No word if the website was taken down by the college to try and contain the damage, which is often done by security experts to assess the situation.

The Russian-affiliated Vice Society gang is well known for targeting educational institutions (and healthcare facilities) around the world, mainly because most of those sectors are unprepared to prevent and handle full-scale ransom attacks.

The group often exploits publicly known vulnerabilities, and develops their own in-house ransomware variants, the most recent named PolyVice, which boasts advanced encryption capabilities.

Recent Vice Society ransom victims include Guildford County School in the UK, Canada’s Okanagan College, Monmouth College in Illinois, the Los Angeles Unified School District, and Mount St. Mary's College in New York.

The Lewis & Clark statement said that since the school does "not have reliable information about the scope or content of the allegedly published data," there is no action for students and faculty to take at this time."