Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector
2022-10-26 08:13

A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors.

"Shifting ransomware payloads over time from BlackCat, Quantum Locker, and Zeppelin, DEV-0832's latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, .locked," Microsoft's cybersecurity division said.

"Unlike other RaaS double extortion groups, Vice Society focuses on getting into the victim system to deploy ransomware binaries sold on Dark web forums," cybersecurity company SEKOIA said in an analysis of the group in July 2022.

Vice Society actors have also been spotted leveraging Cobalt Strike for lateral movement, in addition to creating scheduled tasks for persistence and abusing vulnerabilities in Windows Print Spooler and Common Log File System to escalate privileges.

"Such an incident might suggest that DEV-0832 maintains multiple ransomware payloads and switches depending on target defenses or that dispersed operators working under the DEV-0832 umbrella might maintain their own preferred ransomware payloads for distribution," Redmond noted.

"The shift from a ransomware as a service offering to a purchased wholly-owned malware offering and a custom Vice Society variant indicates DEV-0832 has active ties in the cybercriminal economy and has been testing ransomware payload efficacy or post-ransomware extortion opportunities," Microsoft said.


News URL

https://thehackernews.com/2022/10/vice-society-hackers-are-behind-several.html