Vice Society ransomware gang switches to new custom encryptor
2022-12-22 17:25

The Vice Society ransomware operation has switched to using a custom ransomware encryptor that implements a strong, hybrid encryption scheme based on NTRUEncrypt and ChaCha20-Poly1305.

According to cybersecurity firm SentinelOne, which discovered the new strain and named it "PolyVice," it's likely that Vice Society sourced it from a vendor who supplies similar tools to other ransomware groups.

Historically, Vice Society has used other ransomware operations' encryptors during attacks, including Zeppelin, Five Hands, and HelloKitty.

This appears to have changed, with Vice Society now using a new encryptor that is believed to be generated by a commodity ransomware builder.

SentinelOne's analysis reveals that PolyVice has extensive code similarities to Chilly ransomware and SunnyDay ransomware, with a 100% match on functions.

All these features indicate that whoever develops the new ransomware strains used by Vice Society, Chilly, and SunnyDay ransomware is an experienced and knowledgeable malware creator.


News URL

https://www.bleepingcomputer.com/news/security/vice-society-ransomware-gang-switches-to-new-custom-encryptor/