Vice Society Ransomware Attackers Adopt Robust Encryption Methods

2022-12-23 10:05

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors.

"This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis.

Per SentinelOne, indications are that the threat actor behind the custom-branded ransomware is also selling similar payloads to other hacking crews based on PolyVice's extensive similarities to ransomware strains Chily and SunnyDay.

It's worth pointing out that the recently discovered Royal ransomware employs similar tactics in a bid to evade anti-malware defenses, Cybereason disclosed last week.

Royal, which has its roots in the now-defunct Conti ransomware operation, has also been observed to utilize call back phishing to trick victims into installing remote desktop software for initial access.

"The ransomware ecosystem is constantly evolving, with the trend of hyperspecialization and outsourcing continuously growing," Cocomazzi said.

News URL

https://thehackernews.com/2022/12/vice-society-ransomware-attackers-adopt.html

#encryption #ransomware