Security News > 2022 > October > Microsoft: Vice Society targets schools with multiple ransomware families
A threat group known as Vice Society has been switching ransomware payloads in attacks targeting the education sector across the United States and worldwide.
As Microsoft Security Threat Intelligence analysts shared in a report published today, Vice Society has been swapping between BlackCat, QuantumLocker, Zeppelin, and a Vice Society-branded variant of Zeppelin ransomware.
Vice Society will also skip the ransomware deployment stage in some attacks, with the operators opting for stealing sensitive data from their victims' networks and extorting them under the threat of leaking the stolen files online.
"The shift from a ransomware as a service offering to a purchased wholly-owned malware offering and a custom Vice Society variant indicates DEV-0832 has active ties in the cybercriminal economy and has been testing ransomware payload efficacy or post-ransomware extortion opportunities."
Vice Society is a threat group active since at least early June 2021, known for deploying multiple ransomware strains on their victims' networks, such as Hello Kitty/Five Hands and Zeppelin ransomware.
Last month, the FBI and CISA also warned in a joint advisory that the Vice Society group disproportionately targets the U.S. education sector.