Cincinnati State Technical and Community College has been impacted by a Vice Society ransomware attack, with allegedly stolen data being leaked by the attackers on their Tor data leak site, BleepingComputer reports.
Vice Society has exposed files with personally identifiable information dating from several years ago to last Thursday, suggesting continued access to compromised systems. Cincinnati State students and staff were notified earlier this month regarding a cyberattack that may prompt prolonged restoration of operations.
Even though Cincinnati State noted in its latest update last Tuesday that it had partially fixed internet access, as well as restored on-campus networks and email, it has yet to bring VPN access, voicemail, network and intranet shared drives, and various online application and registration portals back online.
Vice Society's claimed attack on Cincinnati State comes after the group was reported by Microsoft to have leveraged different ransomware families, including BlackCat, RedAlert, Zeppelin, and QuantumLocker, in its attacks against educational institutions.
Cincinnati state college hit by Vice Society ransomware attack