Lewis & Clark College Suffers Ransomware Attack

Lewis & Clark College, a liberal arts institution in Portland, Oregon, has been targeted by the notorious ransomware group Vice Society. The attack was announced on March 31, 2023, and the group claimed to have leaked sensitive data onto the dark web, including passports, Social Security numbers, insurance files, W-9 forms, contracts, and more.

The college did not respond to requests for comment about whether a ransom was demanded or paid, but they did confirm that they had been hit with ransomware and were working with external information technology experts to conduct a detailed technical investigation. The outages lasted until March 7, and the school released a notice explaining that they were on track to completely eliminate greenhouse gas emissions from their portfolio by 2040.

Victim Profile

Lewis & Clark College is a top-ranked institution with a strong commitment to sustainability. Their Environmental Law program is among the nation's best, and they prioritize sustainability in all forms, including their campus, academic studies, and community initiatives. The college has a diverse student body, with students from various backgrounds and interests, including environmental studies and Earth system science.

Vulnerabilities

The attack on Lewis & Clark College highlights the vulnerabilities of educational institutions to ransomware attacks. Vice Society has been targeting grade schools, colleges, and universities, leaking sensitive data onto the dark web. The group's success in these attacks often stems from basic security shortcomings, such as unpatched programs and compromised websites.

Response

The college urged students not to respond to any attempts by the ransomware group to contact them and said there was no action for them to take at the time. They also advised students to be cautious of phishing emails and to back up their data regularly.

Previous Attacks

Vice Society has been responsible for a significant number of ransomware attacks against schools, with 49 publicly reported attacks in 2023, surpassing the number in 2022. The group accounted for nearly 20% of all attacks on educational institutions in 2023.

The ransomware attack on Lewis & Clark College underscores the importance of cybersecurity measures in educational institutions. Despite efforts to combat ransomware attacks, the number of incidents has remained consistent, highlighting the need for improved security measures and education on cyber threats.

Sources

• Lewis & Clark College. (n.d.). Welcome to Lewis & Clark in Beautiful Portland, Oregon. Retrieved April 10, 2024, from https://www.lclark.edu/
• Vice Society. (2023, March 31). Lewis & Clark College cyberattack claimed by notorious ransomware gang. Retrieved April 10, 2024, from https://therecord.media/lewis-clark-college-ransomware-attack-vice-society
• Lewis & Clark College. (n.d.). Malicious Software Information. Retrieved April 10, 2024, from https://www.lclark.edu/information_technology/security/awareness/malware/