Ransomware Gangs Targeting US Critical Infrastructure
Last week, notorious ransomware gangs made a splash again by targeting US critical infrastructure. The two threat actors that victimized the defense and education sectors were the BlackCat group, also known as ALPHV, and Vice Society.
The BlackCat ransomware gang has allegedly infiltrated NJVC. NJVC is an IT company that assists intelligence and defense organizations, including the federal government and the US Department of Defense.
BlackCat listed NJVC on its leak site and warned the company that if the ransom demand were not met, it would leak the stolen data.
BlackCat’s leak site was intermittently inaccessible after the listing, and NJVC’s name was removed from the site, but it is unclear whether the two incidents are connected.
The group has been operating since at least November 2021 and targets well-known companies in crucial sectors like energy, financial institutions, legal services, and technology.
They carried out significant attacks against the aviation firm Swissport in February 2022 and the German fuel company OilTanking GmbH in January 2022.
LAUSD School System’s Data is Leaked by the Vice Society Ransomware Gang
The Los Angeles Unified School District was the target of a cyberattack earlier this month by the ransomware gang known as Vice Society. The school district decided against paying the ransom, stating that the money is better used for students’ needs.
The Vice Society gang added a link to the stolen data to the entry on their leak site. Additionally, they sent a message to CISA, which is helping the LAUSD with its attack response. The statement read: “CISA wasted our time, we waste CISA reputation.”
In a tweet, LAUSD superintendent Alberto Carvalho affirmed that stolen data had been made public and added that the incident’s effects were still being analyzed.
The ransomware gang claims they have stolen 500 GB of data.
The names of some files, such as “ssn,” “Secret and Confidential,” “Passport,” and “Incident,” indicate that they may include sensitive information.
According to a law enforcement source, the documents also contain private psychiatric evaluations of students, contract and legal documents, company records, and numerous database entries.
LAUSD has stated that they will offer free credit monitoring services and notify affected individuals. It is recommended that impacted individuals freeze their credit if it turns out that passports and social security numbers have been compromised, to prevent financial fraud and identity theft.
SOCRadar Helps You Keep Up-to-Date About Ransomware Gangs
The SOCRadar platform has all the information you need to know about threat actors.
Clicking Threat Actor/Malware in the Cyber Threat Intelligence section will instantly take you to relevant information.
Once you open the profile you searched for, you can see detailed descriptions, the latest news, and mentions of the threat actor. An updated list of indicators of compromise is also available on this page.