International ransomware group claims responsibility for Okanagan College cyberattack

Photo: Twitter

Vice Society used a blurred photo that appears to be the outside of the Trades building Okanagan College in its ransomware post.

An international ransomware group is claiming responsibility for the cyber attack at Okanagan College earlier this month.

A post by Vice Society was shared on Twitter by Brett Callow, a threat analyst with cyber security firm Emsisoft. It shows a blurred picture of Okanagan College, claiming it has infiltrated more than 850 gigabytes of data.

Vice Society has listed an unidentified Canadian organization, claiming to have exfiltrated >850 GBs of data. #ransomware 1/4 pic.twitter.com/tFDeygiwB1

— Brett Callow (@BrettCallow) January 26, 2023

“Our partner from Canada has lovingly provided confidential files,” claims the hackers.

Vice Society says it has logins, passwords, social security numbers, passport photos and credit card numbers and will publish the data at noon on January 30, if the college doesn’t pay up.

Callow says the fact that the group has used a picture of OC indicates to him that the college has not paid. He believes that’s the right thing to do.

“If they were to pay, they would simply receive a pinky promise that whatever data that was stolen would be destroyed. And, of course, that pinky promise is coming from cyber criminals so it counts for very, very little weight.”

Callow says in many cases organizations that do give in to the ransom demands end up being extorted a second time.

The National Cybersecurity Awareness System in the U.S., which includes the FBI, issued a warning about Vice Society last September. It warned that the ransomware hackers were disproportionately targeting the education sector.

“Over the past several years, the education sector, especially kindergarten through twelfth grade (K-12) institutions, have been a frequent target of ransomware attacks. Impacts from these attacks have ranged from restricted access to networks and data, delayed exams, canceled school days, and unauthorized access to and theft of personal information regarding students and staff,” said the alert.

The cyber attack At Okanagan College was reported by IT staff on January 9. It knocked several systems offline, right when students were returning to classes after the holiday break.

On Monday, OC announced that it was offering free credit monitoring to those affected.

The college says it is aware of the claim but its investigation is ongoing, and it is unable to provide further information at this time.

“Earlier in the week, we disclosed that certain information belonging to current students and employees may have been subject to risk as a result of the cyber-security incident we interrupted on January 9. We continue to encourage all current students and staff to take advantage of the offer of credit monitoring services,” said OC in a statement to Castanet.

“The RCMP, the Office of the Information and Privacy Commissioner for British Columbia, and the Canadian Centre for Cyber-Security have all been notified, and we continue to follow their guidance.”

The latest updates on the incident are available here.

Vice Society has been especially active lately. It targeted a Los Angeles area school board late last year and claimed to be behind an attack at one of Germany’s largest universities in November.