Cyber Incident Victim: Linn-Mar Community School District
Date:
Aug 2022
Location:
United States of America
Summary
The Linn-Mar School District experienced a ransomware attack by the Vice Society group, which encrypted files and threatened to leak them on the dark web unless a ransom was paid within seven days. While the district initially described the incident as "technical difficulties," internal screenshots revealed the attack's severity, prompting limited physical access to buildings and causing network and phone system outages. The district engaged third-party specialists for investigation and restoration efforts, though operational impacts and potential data exposure risks remained unresolved. The incident shared similarities with a prior attack on Cedar Rapids Schools, but a direct connection was unconfirmed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around August 1, 2022, the Linn-Mar School District in Marion, Iowa, experienced a ransomware attack that disrupted its computer network. Leaked screenshots obtained by media outlets revealed a warning message from the Vice Society ransomware group stating all district files had been encrypted. The message threatened to publish files on the dark web unless contacted within seven days to purchase a decryption key, though no specific ransom amount was disclosed. District communications to staff and parents described the situation only as "technical difficulties," announcing limited physical access to buildings for the week while third-party specialists investigated the disruption. Network and phone systems remained offline during this period. The district declined to confirm or deny a cyberattack when questioned by media, with spokesperson Kevin Fry stating limited information was available. Vice Society had not listed the incident on its dark web leak site as of August 3, and attempts to contact the group yielded no response.
The attack prompted operational disruptions three weeks before the scheduled start of the school year, though the district did not confirm potential impacts on academic timelines. Security consultant Ryan Harvey advised affected individuals to change passwords due to risks of prior data exposure, noting attackers often retain copies regardless of ransom payment. Vice Society's ransomware typically spreads through malicious file downloads, with decryption reportedly impossible without attacker involvement. The Cybersecurity and Infrastructure Security Agency confirmed no involvement in the response. Parallels were drawn to a July 2022 ransomware attack on Cedar Rapids Community School District that caused week-long closures and data exposure notifications for 9,000 staff, though no confirmed connection existed between the incidents. Linn-Mar continued restoration efforts without disclosing whether systems would be operational for the upcoming academic year.