Vice Society Ransomware Group
Industries: Construction, Education, Entertainment, Financial Services, Government, Healthcare, Hospitality, Insurance, Manufacturing, Non-profit, Retail, Telecommunications, Utilities | Level: Tactical | Source: Sekoia
SEKOIA has provided tracking of the Vice Society ransomware group. From its inception last year to mid-June 2022, the double extortion group has compromised at least 88 victims, as indicated on the group's data leak site. The threat group appears to target all industries, with a specific emphasis on academic institutions, which account for 26.1% of its target profile, and targets in the health sector at 11.4%. Threat actors associated with the group are not known to be highly advanced. As SEKOIA shared, "Vice Society group operators leverage very common pentesters skills, as described by Talos in one of their reports. Exploiting publicly available vulnerabilities (such as PrintNightmare) to perform remote code execution seems to be the most advanced technique the group has been observed using." HelloKitty ransomware was used to target Linux victims and Zeppelin ransomware to target Windows-based victims.
Anvilogic Use Cases:
- Additional dll added to Spool Driver
- Rare dll called by Spoolsv.exe