The Vice Society cybercrime group disproportionately targets educational institutions, with 33 victims in 2022, surpassing other ransomware families such as LockBit, BlackCat, BianLian, and Hive.
Other prominently targeted industries include healthcare, government, manufacturing, retail and legal services, according to an analysis of leak site data by Palo Alto Networks Unit 42.
A cybersecurity firm calls Vice Society one of the “most influential ransomware gangs of 2022.”
Of the 100 organizations affected in total, 35 cases were reported from the United States, followed by 18 in the United Kingdom, 7 in Spain, 6 each in Brazil and France, 4 each in Germany and Italy, and 3 in Australia.
Vice Society, which has been active since May 2021, stands out from other ransomware crews in that it does not use its own ransomware variant and instead relies on existing ransomware binaries such as HelloKitty and Zeppelin sold on underground forums.
Microsoft, which tracks this activity under the name DEV-0832, says the group in some cases avoided deploying ransomware and instead used stolen data to carry out extortion.
The operator has been observed leveraging internet-connected applications to gain initial network access via compromised credentials, in addition to exploiting known security flaws to escalate privileges.
Unit 42’s incident response efforts show that the group stayed in the victim’s environment for six days and the initial ransom amount could exceed $1 million.
“School districts with limited cybersecurity capabilities and limited resources are often the most vulnerable to attackers,” said JR Gumalin, a researcher at Unit 42.
“Vice Society and its consistent targeting of the education industry, especially around September, is a warning that this group is shaping a campaign to take advantage of the US school year.”