Reading:
Ransomware Gangs Leak Large Amounts of Data in Recent Attacks: Hive and Vice Society

Ransomware Gangs Leak Large Amounts of Data in Recent Attacks: Hive and Vice Society

January 9, 2023

Ransomware gangs are known to release stolen data in retaliation if the ransom is not paid after successful encryption. This worsens the victim’s situation and exposes sensitive information to anyone on the internet.

Recent ransomware data leaks in this blog are a good reminder of how important it is to take proper security measures to defend against these attacks.

Hive Ransomware Leaked 550GB of Data Stolen From Healthcare Organization 

On January 6, the Hive ransomware gang listed a ransom countdown regarding Consulate Health Care on its leak site.

Consulate Health Care posted an announcement on its website to inform all customers that the data theft occurred due to the attackers gaining access to a vendor company’s network. 

As evidence of the attack, which happened on January 3, the Hive gang released samples of the stolen data. The gang claimed to have stolen contracts, NDAs, other documents, employee and customer information, social security numbers, medical history, credit cards, and private company information such as budgets, plans, and partners.

Hive ransomware gang’s victim posting on Tor leak site
Hive ransomware gang’s victim posting on Tor leak site

Dominic Alvieri, a researcher, later notified on Twitter that the Hive gang had posted the stolen data before the victim’s due time.

According to the company, the ransom demand was too much for the insurance to cover. 550GB of data belonging to Consulate Health Care was leaked as a result of their apparent failure in negotiations with the Hive ransomware gang. 

Vice Society Gang Targeted 14 Schools’ Systems with Ransomware 

The Vice Society ransomware gang has recently leaked staff and student data of 14 schools in the United Kingdom. 

According to the BBC, colleges and universities made up the majority of the affected schools in the collective incident, which also impacted elementary and secondary schools. 

The data stolen by the Vice Society included information about staff contracts and payroll, student passport scans, and children’s special educational needs (SEN) information. 

It is unknown if any of the victim schools paid the ransom demand. 

Vice Society has been infamous for targeting educational systems. CISA also issued a warning about the gang in one of their #StopRansomware alerts from September 2022. The amount of sensitive student data, according to CISA, may render schools profitable targets. 

How Can SOCRadar Help with Ransomware Attacks? 

With SOCRadar, you can continuously monitor all your digital assets while properly securing them against any vulnerabilities that threat actors may exploit to infiltrate your system.

A dark web post about the Deezer breach (Source: SOCRadar)

SOCRadar actively monitors indicators of compromise (IOCs) and threat actors in order to provide its customers with real-time actionable insights and notifications. 

Check out our Global Ransomware Report 2022. Download from here.

Hive Ransomware IOCs

Files:

Hive.bat

asq.r77vh0[.]pw

asq.d6shiiwz[.]pw

asq.swhw71un[.]pw

asd.s7610rir[.]pw

IP Addresses:

84.32.188[.]57

93.115.26[.]251

181.231.81[.]239

186.111.136[.]37

158.69.36[.]149

108.62.118[.]190

Find more IOCs here.

Vice Society Ransomware IOCs

C2 IP Addresses:

5.255.99[.]59

5.161.136[.]176

198.252.98[.]184

194.34.246[.]90

SHA1:

A0ee0761602470e24bcea5f403e8d1e8bfa29832

3122ea585623531df2e860e7d0df0f25cce39b21

41dc0ba220f30c70aea019de214eccd650bc6f37

C9c2b6a5b930392b98f132f5395d54947391cb79