Microsoft experts have published a report on the hacker group Vice Society (aka DEV-0832), which uses ransomware to attack the educational sector in the US and other countries around the world.
According to the experts, the attackers switch between the BlackCat, QuantumLocker and Zeppelin ransomware, as well as another variant of Zeppelin that is used under the Vice Society “brand”.
Let me remind you that we also reported that “BlackCat Says It Attacked Creos Luxembourg, European Gas Pipeline Operator” and also that “The Austrian Company DSIRF Was Linked to the Knotweed Hack Group and the Subzero Malware”.
The Vice Society group has been active since June 2021 and is known for using several varieties of ransomware in the networks of its victims. In addition to encrypting files, the criminals steal data from compromised systems and use it for double extortion, threatening to release the information online if ransom demands are not met.
One of the biggest and most famous recent victims of Vice Society is the Los Angeles Unified School District (LAUSD), the second largest school district in the United States.
As Microsoft Security Threat Intelligence analysts now write, from July to October 2022, the group alternated the use of the malware listed above, and in September also used a modified version of its own RedAlert payload, which adds the .locked extension to encrypted files.
Bleeping Computer journalists note that in addition to the malware mentioned in the experts’ report, the group also uses the HelloKitty/Five Hands ransomware in its attacks.
In addition, Vice Society sometimes skips the data encryption step altogether: the operators simply steal confidential data from their victims’ networks and demand a ransom under the threat of leaking it.
Microsoft writes that the group “continues to focus on organizations with weak security measures” that are easy to hack and ransom. In particular, Vice Society clearly focuses on the education sector.