vice society attacks Lewis & Clark College

Incident Date:

March 3, 2023

World map



vice society attacks Lewis & Clark College


Lewis & Clark College




Portland, USA

Oregon, USA

First Reported

March 3, 2023

Cybernews Confirms Ransomware Attack on Lewis & Clark

“Cybernews confirmed the March 3 breach with Lewis & Clark VP of Communications Lori Friedman, who told us by Friday evening "that the vast majority of our systems are fully operational." The Cybernews team was also able to check the ransom gang's dark web leak site, where Vice Society has indeed claimed responsibility for the ransomware attack.

Cybersecurity Analyst Raises Alarm

Cybersecurity analyst and security researcher Dominic Alvieri first posted about the breach on Twitter Friday, claiming, “the Lewis and Clark College March system outage is now confirmed as a ransomware attack from Vice Society.”

Official Response from Lewis & Clark

On Friday, the college Executive Council posted a notice about the month-long breach on the school's official website, saying the ransomware attack "significantly impacted almost all IT systems on campus." "The cybercriminals responsible for the incident now claim to have published a limited amount of Lewis & Clark data on a "dark web" website maintained by the threat actors," the school said. However, they "do not have reliable information about the scope or content of the allegedly published data." The Council also said they are refusing to pay the ransom demand – which has not been disclosed – on the advice of law enforcement and security experts helping with the case.

Leaked Data on the Dark Web

The gang’s leak site posted what appears to be a live link tree of the entire college network system, along with three rotating photo albums that continuously flip through a sample of alleged photocopies of student passports.”

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.