After many studies and attacks this year, cybersecurity experts have managed to reveal that the group known as The Vice Society has had the most impact. Their movements and attacks have been concentrated in the education sector, but they have managed to attack other ones. In this article, we will talk about this group.
The most impactful Cybercrime Group is The Vice Society
Palo Alto Networks Unit 42 conducted an analysis of leak sites and revealed that The Vice Society is “the most impactful ransomware gangs of 2022.” Also, its main target was educational institutions, with a count of 32 victims, which places it above other ransomware families such as LockBit, BlackCat, BianLian, and Hive.
Despite concentrating their efforts on the educational area, they also attacked industries in the fields of healthcare, governments, manufacturing, retail, and legal services. And, of course, all these attacks were located around the globe. With a total of 100 attacks, 35 cases have been reported from the U.S., 18 in the U.K., 7 in Spain, 6 in Brazil and France, 4 in Germany and Italy, and 3 cases in Australia.
It is known that this group has been active since 2021, and that their main hallmark is that they do not use a variant of their own ransomware but, instead, exploit pre-existing ransomware binaries such as HelloKitty and Zeppelin, which can be found on underground forums for a good price.
Under code DEV-0832, Microsoft security teams closely monitor Vice Society’s activities. From what they have been able to verify, they do not use ransomware in all their attacks, but in some cases, they decide to use extortion through exfiltrated stolen data.
As Unit 42 explains: “School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable to threat actors… Vice Society and its consistent targeting of the education industry vertical, particularly around the September time frame, serves as a warning that this group has shaped their campaigns to take advantage of the school year in the U.S.”
We will have to wait for their movements during 2023 to see if they continue their attacks or if they decide to return to the shadows for another group to take the spotlight.
Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.
Facebook: Eagle Tech Corp
LinkedIn: Eagle Tech
YouTube: Eagle Tech Corp