Ransomware group Vice Society hits another school district

The ransomware group Vice Society has reportedly infected a school district in Cedar Rapids, Iowa, ahead of the new school year.
Vice Society web page
(Scoop News Group)

The Linn-Mar Community School District in Cedar Rapids, Iowa, has reportedly become the latest school district to be targeted by a ransomware group known as Vice Society.

In recent months the group has targeted public school districts, academic institutions and health care organizations, including the Medical University of Innsbruck and other European and U.S. institutions.

Vice Society deploys a variety of tactics, including deleting back-up data to prevent victims from restoring access to encrypted systems. The group maintains a website where it publishes the data of those who do not meet its extortion demands.

K-12 institutions continue to be an attractive target for cyber criminals as they manage swathes of personal data, but often “don’t have the staff or budget to implement next generation cyber tools,” Brad Hong, customer success manager at the IT security company, said in an emailed statement.


While reports of ransomware attacks on the public sector are generally down, there have been 64 documented attacks on local governments, schools and hospitals so far this year, according to data shared by the Institute for Security and Technology’s Ransomware Task Force.

The Linn-Mar school district has not publicly confirmed the nature of the cyberattack, though it has communicated to parents it is experiencing technical difficulties. Vice Society has also not claimed the attack on its website, which lists the San Luis Coastal Unified School District in Southern California among recent targets. A spokesperson there said that administrators were aware of the cyberattack and “working to ensure it doesn’t happen again.”

The Linn-Mar school district reported it was experiencing “technical difficulties, resulting in a disruption to certain computer systems,” in an email to families sent on August 1, KCRG reported. The school district has limited visitor access to school campuses until further notice.

“We are working diligently with third-party specialists to investigate the source of this disruption, assess its impact on our systems, and to restore full functionality to our systems as soon as possible,” Linn-Mar Superintendent Shannon Bisgard wrote in the email.  

While the Linn-Mar school district’s website does not appear to be affected by a cyberattack, links to the district’s intranet are not operational. The school district has not addressed the incident on its website or social media channels and did not immediately respond to a request for comment.


Schools within the Linn-Mar district are due to start the new school year later this month. The district’s school board is scheduled to meet on Aug. 8, but has not yet made its agenda public. The school board’s website suggests the meeting will not be live streamed on Youtube as usual “due to current technology issues.”

Lindsay McKenzie

Written by Lindsay McKenzie

Lindsay McKenzie is a reporter for StateScoop and EdScoop, covering higher education IT, broadband policy, state and local government industry news and emerging technologies.

Latest Podcasts