This is a screen shot showing part of Vice Society's threat to post data stolen from Okanagan College.
Image Credit: Twitter/Brett Callow
January 26, 2023 - 1:32 PM
An international criminal gang that specializes in cyberattacks on educational institutions appears to be holding data acquired in a security breach at Okanagan College for ransom.
Vice Society says it will post more than 850 gigabytes of confidential information on its site by 8 p.m. London time on Monday, Jan. 30. It doesn’t say where the information is from but a posting on the Vice Society site on the dark web includes a blurred picture of Okanagan College.
“Our partner from Canada has lovingly provided confidential files,” says the screenshot posted by Brett Callow on his Twitter account.
Callow is a threat analyst with Emsisoft, an international cybersecurity firm based out of New Zealand. He works out of his home on Vancouver Island and sent the information to iNFOnews.ca via email.
The Vice Society posting is on the dark web and not accessible to most people, he said. No actual ransom is demanded in the post.
“Ransomware gangs do two things,” Callow said in an interview with iNFOnews.ca. “First, they steal a copy of the data. When they’ve done that, they will attempt to encrypt the victim’s system. That gives them two points of leverage because, even if the victim is able to cover their system using backups, they still have the data. Then they try to insist on payment in exchange for, supposedly, deleting that information.”
Will they actually delete it?
“Of course not,” Callow said. “They’re criminals. Why would they delete something that they may be able to monetize at a latter date?”
Once the data is posted on the dark web, anyone with access to that system can use that information.
Wired magazine, in an article published last October, said Vice Society hacked into a Los Angeles school district in the first week of September. That district has more than 1,000 schools and more than 600,000 students, the article says.
By comparison, Okanagan College, which was hacked on Jan. 9 – the first day of classes for this semester – has about 8,000 full-time equivalent students.
The Los Angeles school district refused to pay so data on students who had attended the school between 2013 and 2016 was released.
Vice Society, it seems, moved on to other targets without apparently making any money.
Vice Society’s posting says it has logins, passwords, internal network map of the organization, SQL (Structured Query Language) databases, exchange database, photos of passports and social security numbers, contracts, lawsuits, credit card numbers, etc., presumably from Okanagan College.
Okanagan College, in an email to iNFOnews.ca, declined to provide any further information than what is on its website, other to say that "the RCMP, the Office of the Information and Privacy Commissioner for B.C. and the Canadian Centre for Cyber-Security have all been notified, and we continue to follow their guidance."
On Monday, Jan. 23 – two weeks after the hack was discovered – Okanagan College notified students that their personal information, including social insurance, passport and visa numbers “may have been subject to risk.”
It said that credit card information did not seem to be at risk, which is contrary to what Vice Society posted.
READ MORE: IDENTITY THEFT: Okanagan College warns students personal information may have been hacked
While two weeks may seem a long time to wait before posting that warning, Callow says that’s actually quite fast compared to many organizations.
“These things can sometimes take a long time to come to light,” he said. “It does take time for organizations to work out what has happened. It can require a lot of forensic work to establish what, if any, data was taken because the criminals try to cover their tracks and their methods.”
In some cases, ransomeware attacks are never disclosed, he said.
Most ransomware gangs are based in Russia or Eastern Europe, although they may have agents in other countries, Callow said. The Wired article says Vice Society appears to be Russian speaking.
Callow can’t say just how the group got into Okanagan College’s system but did say most educational institutions run on limited budgets and often choose to spend the money they do have on educating students, not cybersecurity.
“Most attacks happen because of, often, fairly basic security failings,” Callow said. “For example, organizations can significantly reduce their risk profile if the use multi-factor authentication everywhere it should be used. That is probably the single biggest thing any organization can do.”
Ultimately, though, it’s up to senior governments to fight cyberattacks, he said.
There should be an overall approach from the federal government because small organizations don’t have the resources or expertise to come up with their own individual solutions.
The federal government should also be working with other countries to put political pressure on countries where ransomware gangs operate.
The FBI and international partners, just this week, hit Hive, one of the world’s top five ransomeware networks.
They were able to gain access to Hive's system in July and have now succeeded in, at least temporarily, interfering with its operations. That may have saved victims, including hospitals and school districts, $130 million in ransom payments, according to an Associated Press story.
READ MORE: Students feel 'betrayed' by Okanagan College's handling of data breach
- This article was updated at 3:30 p.m. on Jan. 26, 2022 to add a comment from Okanagan College.
To contact a reporter for this story, email Rob Munro or call 250-808-0143 or email the editor. You can also submit photos, videos or news tips to the newsroom and be entered to win a monthly prize draw.
We welcome your comments and opinions on our stories but play nice. We won't censor or delete comments unless they contain off-topic statements or links, unnecessary vulgarity, false facts, spam or obviously fake profiles. If you have any concerns about what you see in comments, email the editor in the link above.
News from © iNFOnews, 2023