Vice Society Ransomware Gang Targeted Dozens of Schools in 2022
Reading Time: 2 minutes

Vice Society ransomware gang targeted dozens of schools in 2022 accounting for nearly 33 victims, beating other ransomware gangs like LockBit, BlackCat, BianLian, and Hive.

Palo Alto Networks Unit 42 analysis of leak site data suggests the group also targeted other prominent industry verticals targeted including healthcare, governments, manufacturing, retail, and legal services. The cybersecurity firm has dubbed Vice Society as one of the “most impactful ransomware gangs of 2022.”

Over the last few days, there has been a huge increase in phishing attempts. A total of 106 organizations have been impacted out of those, 35 from the US and 18 in the UK. There have also been seven reported cases in both Brazil and France, while we’ve seen six cases each in Italy and Germany. We even have four reports from Australia up to now.

Vice Society is a very active ransomware group, which first appeared in May 2021. They’re different from other crews because they never developed their own variant of ransomware. Instead, they make use of existing ransomware binaries, such as HelloKitty and Zeppelin which are sold on underground forums.Vice Society Ransomware Gang Targeted Dozens of Schools in 2022_1Microsoft, which is tracking the activity under the name DEV-0832, said the group avoids deploying ransomware in some cases. They instead use threats to carry out extortion using exfiltrated data.Vice Society Ransomware Gang Targeted Dozens of Schools in 2022_2The operators have been observed hacking networks by obtaining initial network access through compromised credentials, as well as exploiting security flaws to escalate their privileges.

Unit 42’s incident response efforts show that the group has a dwell time of six days in their victims’ environments and that initial ransom amounts may exceed $1 million – a figure that might drop by as much as 60% after negotiation to $460,000.

Jr. Gumarin, a researcher at Unit 42, said “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable to threat actors.”

He further added, “Vice Society and its consistent targeting of the education industry vertical, particularly around the September time frame, serves as a warning that this group has shaped their campaigns to take advantage of the school year in the U.S.”

Related Articles:
Russian Hackers Target U.S. Military Weapons and Hardware Supplier
New CryWiper Data Wiper Malware Posing as Ransomware Targets Russian Courts
Why Encryption Alone Cannot Resolve Ransomware Attacks?