vicesociety attacks ROC Mondriaan
Incident Date:
January 6, 2022
Overview
Title
vicesociety attacks ROC Mondriaan
Victim
ROC Mondriaan
Attacker
Vicesociety
Location
First Reported
January 6, 2022
Ransomware Attack on ROC Mondriaan: A Major Disruption in the Education Sector
Victim Profile
ROC Mondriaan, a large educational institution with 26 locations in The Hague, Delft, Leiden, and Naaldwijk, has been targeted by the ransomware group Vicesociety. This institution, which serves more than 20,000 students and employs over 2,100 staff members, offers approximately 240 courses focused on vocational education and training. The attack has significantly disrupted their operations, leaving staff and students unable to access computer files and applications.
Vulnerabilities and Impact
The ransomware attack was executed last weekend and was publicly disclosed on Monday, just as the new school year was about to commence. ROC Mondriaan has since reported the incident to the police and the Dutch Data Protection Authority. A forensic investigation is currently in progress to determine the full extent of the damage. This cyberattack has severely impacted the institution's ability to deliver educational services, forcing the reliance on alternative communication methods such as WhatsApp groups, private email addresses, and social media to maintain contact with students and parents. Additionally, there has been a loss of personal information, raising concerns over potential identity theft. Despite these challenges, the institution has opted to rebuild all systems from scratch rather than paying the ransom to the attackers.
Lessons Learned and Future Preparedness
The incident at ROC Mondriaan underscores the critical importance of cybersecurity within the education sector, especially given the increasing dependency on digital tools and the attractiveness of educational institutions as targets for ransomware attacks. The situation has highlighted the necessity for transparency and effective communication with all stakeholders in the wake of a cybersecurity breach. In response, the Dutch government has taken steps to bolster cybersecurity across the educational sector, including the implementation of a 24/7 monitoring mechanism and the introduction of periodic external audits for each institution. ROC Mondriaan's experience has reinforced the value of clear communication about the nature of the attack and the measures being taken to address it.
Sources
- ROC Mondriaan
- Ransomware's next target: Schools - POLITICO.eu
- Educational institution ROC Mondriaan in The Hague victim of major cyber attack
- List of data breaches and cyber attacks in August 2021 – 61 million records breached
- Netherlands: Your school got hacked? ROC Mondriaan VET college has the answer
- Cyber attack shuts down ROC Mondriaan in The Hague
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.