Vice Society branding

Vice Society: The #1 cyberthreat to schools, colleges, and universities

This article is based on research by Marcelo Rivero, Malwarebytes’ ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, “known attacks” are those where the victim didn’t pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

According to a recent Malwarebytes Threat Brief, in the last 12 months, the Vice Society ransomware gang has conducted more known attacks against education targets globally, and in the USA and the UK individually, than any other ransomware group.

Known ransomware attacks against education by gang, May 2022-April 2023

Although attacks on education have been a staple of the ransomware ecosystem for years, Vice Society appears to have specialised in delivering misery to schools, colleges, and universities in a highly unusual way.

Education accounts for a huge proportion of known Vice Society attacks. Between April 2022 and March 2023, 39% of the gang’s attacks hit education, compared to an average of just 4% across all the other ransomware groups tracked by Malwarebytes.

Vice Society’s targeting of education is undoubtedly deliberate and has likely allowed the gang to develop domain-specific techniques and expertise.

The result is that Vice Society is the most prolific attacker of education institutions in the two most attacked countries in the world: the USA and the UK. In the USA, Vice Society is the most active among a group of gangs. In the UK, Vice Society accounts for a staggering proportion of known ransomware attacks on education—almost 70%.

The stakes for education could not be higher. In a modern ransomware attack the target is an entire organisation, not just one or two computers. The attackers’ aim is to put the organisation in an unbearable position by stopping it from functioning, and then demanding a ransom that can stretch to millions of dollars.

It is a challenge for any organisation to fight off a determined ransomware gang like Vice Society, but schools face the added pressure of doing so in a notoriously tight budgetary environment.

According to the Education Data Initiative, “Public education spending in the United States falls short of global benchmarks and lags behind economic growth.” In the UK, education has suffered a significant drop in funding in the last decade, according to the non-partisan Education Policy Institute. School budgets are tight and institutions are understandably keen to direct their budgets at things that directly benefit pupils.

Schools, colleges, and universities must somehow reconcile tight budgets with the need to deploy a sophisticated enough detection and response capability to find and evict stealthy adversaries like Vice Society.

To learn more about Vice Society attacks on education and how to protect against them, download the Malwarebytes Threat Intelligence Threat Brief: Vice Society.