Germany-based Hamburg University of Applied Sciences has been added by the Vice Society ransomware operation to its leak site following an attack on Dec. 29, reports The Record, a news site by cybersecurity firm Recorded Future.
Threat actors were able to infiltrate HAW Hamburg's decentralized IT systems, as well as compromise its central IT and security components, enabling the acquisition of administrative rights to its central storage systems, said the university in a statement sent to its employees and students.
"With the administrative rights obtained, the encryption of various virtualized platforms and the deletion of saved backups were finally started," noted HAW Hamburg, which warned that attackers were able to copy "significant amounts of data," including usernames, email addresses, mobile numbers, and "cryptographically secured" passwords.
The restoration of impacted systems is underway. Such an attack comes after the University of Duisburg-Essen in Germany was claimed to be targeted by Vice Society in November.
BleepingComputer reports that Knight ransomware was observed by KELA threat analysts to have the third iteration of its source code posted for sale by the operation's representative, Cyclops, on RAMP forums.