2023-01-04

Vice Society Launches Custom 'PolyVice' Encryptor

Level: 
Strategic
  |  Source: 
SentinelOne
Global
Share:

Vice Society Launches Custom 'PolyVice' Encryptor

Category: Ransomware News | Industry: Global | Level: Strategic | Source: SentinelOne

Vice Society is now deploying its own custom encryptor named, 'PolyVice' in attacks. Previously, Vice Society relied on third-party ransomware strains such as HelloKitty (aka FiveHands) and Zeppelin. SentinelOne researchers reported the discovery, observing the ransomware variant on July 13th, 2022, however, it did not appear to be fully adopted into the group's infection chain. An analysis of the 'PolyVice' encryptor finds it uses NTRUEncrypt and ChaCha20-Poly1305 algorithms for its encryption scheme. Coding similarities were found in 'PolyVice' with function matches to Chilly and SunnyDay ransomware. When executed the 'PolyVice' encryptor appends the ".ViceSociety" file extension onto locked files and in addition, drops the ransom note file named, 'AllYFilesAE'. To help optimize the speed of the encryption process, 'PolyVice' uses a "multi-threading approach to parallelize the encryption of the files." Since Vice Society emerged in June 2021, they have established itself as a highly proficient and well-resourced threat actor. Being a highly opportunistic group, Vice Society operators target all verticals with a particular interest in under-resourced industries such as education and healthcare.

Get trending threats published weekly by the Anvilogic team.

Sign Up Now