The University of Duisburg-Essen (UDE) was the victim of a cyberattack in November 2022 that was blamed on the Vice Society ransomware gang. The university was forced to rebuild its IT infrastructure, a process that is currently ongoing. Additionally, the threat actors have exposed documents that may have contained critical information about the institution’s operations, students, and staff. These documents were allegedly stolen from the university during the network hack. UDE later acknowledged their knowledge of the threat actors’ publication of the stolen material and declared they wouldn’t be paying a ransom.
“After the cyber attack on the University of Duisburg-Essen (UDE) at the end of November, the criminal group responsible for it has now published data on the Darknet,” UDE expressed in a statement. “The university had not complied with the attackers’ demands and had not paid a ransom.”
When some of the leaked files were reviewed, it was found that they included backup archives, research papers, financial documents, and student spreadsheets. Even though they seem genuine, there is no way to verify their legitimacy. The University of Duisburg-Essen was the latest target of Vice Society’s ransomware operation, which has continued to target the education sector. The ransomware group targeted the Medical University of Innsbruck, the Los Angeles Unified school district, and the Cincinnati State Technical and Community College in 2022. The FBI, CISA, and MS-ISAC jointly issued an advisory following these cyberattacks, warning that the ransomware group is increasingly targeting U.S. school districts.
On November 28th, 2022, UDE made the cyberattack public, prompting the institution to immediately shut down its email, communication, and IT services. Additionally, the institution postponed the scheduled examinations until before Christmas. UDE’s IT experts will have numerous critical systems back up and running by December 7th, 2022. A large-scale password reset for the online learning platform that affected 40,000 users was also carried out on December 22nd, 2022. However, UDE was still far from doing business as usual.
On January 9th, 2023, UDE told students and staff that the only way to restore all systems would be to recreate the whole IT infrastructure owing to the substantial damage caused by the cyberattack and the complicated pattern of this damage. According to UDE, the central authorization system had been compromised, and 1,200 servers had been affected, making it impossible to restore them. Regarding how the alleged Vice Society attack would affect UDE, it has 43,000 students, 4,000 faculty members, and 1,500 administrative employees. It is regarded as Germany’s best university for physics.
The UDE CISO, Marius Mertens, spoke about effective ransomware attack mitigation in a 2019 interview. He emphasized the significance of the university’s supercomputer, among the 500 best in Europe, and stated that any disruption to its operations would cause considerable financial losses. “A downtime would entail huge costs when converted to the price tag of the lost CPU hours. For example, losing CPU hours for one week would cost us €75,000,” explained Martens.