Vice Society is a relatively new threat in the ransomware space. The group emerged in the middle of 2021 and has targeted small or mid-size victims. Since it began operating, it has been observed performing big-game hunting and double-extortion attacks on its targets.
In addition, it has been noted that this group sometimes targets educational institutions, especially public schools. Moreover, like other prominent big-game hunting threat actors, Vice Society has a data leak site where it discloses data stolen from victims who refuse to pay extortion demands.
Who is Vice Society’s Target?
When we examine the available statistics on Vice Society's attacks, we see that it explicitly targets educational institutions. To elaborate, this ransomware group has targeted the following industries the most in the past year:
- Non-governmental organizations
Also, we know that this hacker group targets small and medium businesses rather than large ones.
In addition, we see no specific geographic area that Vice Society is targeting. When we examine the past attacks, there are recorded incidents in Thailand, Germany, Vietnam, and many other regions. However, the areas where the group's attacks are most concentrated can be listed as follows:
- United States of America
- United Kingdom
Vice Society TTPs
So how do we know that a ransomware attack belongs to Vice Society? When we examined the attacks this group carried out in its brief time in the ransomware field, we observed common tactics, techniques, and procedures (TTPs). We can explain these TTPs as follows:
- Degrading the performance of ESXi servers used for virtualization in victim environments.
- Using a DLL that exploits the recently revealed PrintNightmare vulnerability, for which Microsoft has already provided a patch.
- Using tools such as Proxychains and Impacket during the post-compromise phases of the attack lifecycle.
The Recent Attacks by Vice Society
On December 6, Spar announced via Twitter that an attack on the IT (Information Technology) systems of some of its UK operations had affected the card payment functions of its shops; as a result, many Spar shops were closed. At first, it was unknown who was responsible for this attack. Later, the Israeli intelligence company Via reported that the ransomware group Vice Society had claimed the attack on its data leak site.
It is also known that this attack resulted from infiltration into the systems of James Hall & Co., the leading wholesaler for more than 600 Spar stores in the north of England, and Heron and Brearley, owner of Mannin Retail, which operates 19 Spar stores in England. As the intelligence company Kela continued its investigation, it found 93,000 leaked files relating to the two companies mentioned.
Vice Society carried out this attack for financial gain, but the leaked files and the large amount of data dumped by Vice Society showed that neither company paid the demanded ransom.
Heron and Brearley left requests for clarification unanswered for a long time. Moreover, they stated that their websites would remain offline and that emails sent to them could not be delivered. Then, on December 10, the UK National Security Center confirmed that James Hall & Co. had been attacked.
Afterward, the National Cyber Security Center spokesperson said they were aware of the incident and were working with Heron and Brearley to solve it. James Hall & Co. then confirmed that it had brought the affected stores back online.
- In May, Vice Society established its data leak site, listing Indianapolis, Indiana-based Eskenazi Health, a public health provider. The same month, the group was responsible for a ransomware attack on the Waikato Region Health Board in New Zealand.
To conclude, Vice Society, like many other ransomware groups, is looking for an opportunity to steal your data! Choose wisely where and with whom you share your data! Are you scared? Then you should be on the lookout for the latest cybersecurity methods!