Ransomware group follows through on threat and publishes Okanagan College information

Private OC info published

An international ransomware group has now published a large batch of data on the darkweb claimed to have been obtained through a cyberattack on Okanagan College.

Vice Society, the group who took credit for the attack, published the data on the darkweb Monday after a ransom deadline came and went. The darkweb is an anonymous part of the internet accessible only with special software, allowing users to be untraceable.

The files have been published in a manner that makes it difficult to understand exactly what is included in them, but the dataset is expansive and includes many files that are clearly intended to be confidential, such as student home addresses and union grievances.

A great deal of the information, however, is benign and includes things like strategy documents, course lists and budgets.

Vice Society previously claimed to have logins, passwords, social security numbers, passport photos and credit card numbers.

In a statement Monday prior to the information being published, Okanagan College president Dr. Neil Fassina said they have been following the guidance of cyber security experts and law enforcement since the "cyber-incident" took place on Jan. 9.

“As soon as it became clear that personal information belonging to current students and staff may have been subject to risk, we took immediate steps,” said Fassina.

The school on Jan. 23 provided two years of access to credit monitoring and identity theft prevention services and urged students to sign up.

But a frustrated Okanagan College student feels the school has not done enough to explain the seriousness of the situation. The institution has still not publicly acknowledged that the attack was related to a ransomware group, despite media reports.

“The lack of communication has been really frustrating, and really scary. I'm kind of at a loss for words,” said student Rachel Pratico, who explained she has been changing all her passwords and signed up for the credit monitoring program.

“It was actually really easy, but like I've talked to probably 15 students today who haven't done it,” she said.

"I don't think most students really understand the severity of it."

Fassina said the past few weeks have been difficult for the whole college.

“We recognize that people may have questions and regret that we are unable to provide further information at this time, as the investigation into this incident is very much active and ongoing. We will not be sharing information that is speculative in nature and/or that could further jeopardize the security of our systems and our people,” he said.

Fassina said there is still work ahead of them as they determine exactly what information was impacted.

“Unfortunately, no organization can be entirely immune to this type of unlawful activity,” he said.

“Should our ongoing investigation determine that further notifications are necessary, we will proceed with that step accordingly.”

The National Cybersecurity Awareness System in the U.S., which includes the FBI, issued a warning about Vice Society last September. It warned that the ransomware hackers were disproportionately targeting the education sector.

“Over the past several years, the education sector, especially kindergarten through twelfth grade (K-12) institutions, have been a frequent target of ransomware attacks. Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff,” said the alert.

Vice Society did not respond to multiple requests for comment sent to their darkweb email address. A FAQ section of their site says they have been in operation since January 2021. The list of past victims on their site includes colleges in the U.S., telecom companies, transit authorities, fire rescue groups and more.

Brett Callow, a threat analyst with cyber security firm Emsisoft, told Castanet last week that groups hit by these types of attacks should hold firm and avoid paying the ransom.

“If they were to pay, they would simply receive a pinky promise that whatever data that was stolen would be destroyed,” he said. “And, of course, that pinky promise is coming from cyber criminals so it counts for very, very little weight.”

Callow says in many cases organizations that do give in to the ransom demands end up being extorted a second time.
