Ransomware Attack on ROC Mondriaan: A Major Disruption in the Education Sector

Victim Profile

ROC Mondriaan, a large educational institution with 26 locations in The Hague, Delft, Leiden, and Naaldwijk, has been targeted by the ransomware group Vicesociety. This institution, which serves more than 20,000 students and employs over 2,100 staff members, offers approximately 240 courses focused on vocational education and training. The attack has significantly disrupted their operations, leaving staff and students unable to access computer files and applications.

Vulnerabilities and Impact

The ransomware attack was executed last weekend and was publicly disclosed on Monday, just as the new school year was about to commence. ROC Mondriaan has since reported the incident to the police and the Dutch Data Protection Authority. A forensic investigation is currently in progress to determine the full extent of the damage. This cyberattack has severely impacted the institution's ability to deliver educational services, forcing the reliance on alternative communication methods such as WhatsApp groups, private email addresses, and social media to maintain contact with students and parents. Additionally, there has been a loss of personal information, raising concerns over potential identity theft. Despite these challenges, the institution has opted to rebuild all systems from scratch rather than paying the ransom to the attackers.

Lessons Learned and Future Preparedness

The incident at ROC Mondriaan underscores the critical importance of cybersecurity within the education sector, especially given the increasing dependency on digital tools and the attractiveness of educational institutions as targets for ransomware attacks. The situation has highlighted the necessity for transparency and effective communication with all stakeholders in the wake of a cybersecurity breach. In response, the Dutch government has taken steps to bolster cybersecurity across the educational sector, including the implementation of a 24/7 monitoring mechanism and the introduction of periodic external audits for each institution. ROC Mondriaan's experience has reinforced the value of clear communication about the nature of the attack and the measures being taken to address it.

Sources

• ROC Mondriaan
• Ransomware's next target: Schools - POLITICO.eu
• Educational institution ROC Mondriaan in The Hague victim of major cyber attack
• List of data breaches and cyber attacks in August 2021 – 61 million records breached
• Netherlands: Your school got hacked? ROC Mondriaan VET college has the answer
• Cyber attack shuts down ROC Mondriaan in The Hague