Microsoft claims this devious ransomware gang is attacking schools
Vice Society hits US schools with different ransomware strains
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
A well-knownransomwareoperator has been targeting schools in the United States, using a signature move of ransomware payload swapping, experts have claimed.
A report fromMicrosoftresearchers claim to have observed Vice Society switch up ransomware payloads in attacks against schools in the US between July and October this year.
The company’s latest cybersecurity report claims the group regularly swaps between BlackCat, QuantumLocker, Zeppelin, and a Zeppelin variant modified to carry Vice Society’s brand identity. Since September, though, they also started deploying a modded version of the RedAlert payload, which adds the .locked file extension to all the files it encrypts.
Stealing sensitive data
The group has also reportedly been using the HelloKitty/Five Hands ransomware, as well, and in some cases, Microsoft added, the group skips the encryption part altogether and just steals the data. Later, it threatens to release it to the public unless the ransom demand is met.
“In several cases, Microsoft assesses that the group did not deploy ransomware and instead possibly performed extortion using only exfiltrated stolen data,” Microsoft’s report reads. “The shift from a ransomware as a service (RaaS) offering (BlackCat) to a purchased wholly-owned malware offering (Zeppelin) and a custom Vice Society variant indicates DEV-0832 has active ties in the cybercriminal economy and has been testing ransomware payload efficacy or post-ransomware extortion opportunities.”
Data leaked following LA schools ransomware attack>Ransomware is affecting more businesses than ever this year>Check out the best antivirus solutions out there
In September 2022, Vice Society released 500GB worth of sensitive data belonging to the Los Angeles Unified School District (LAUSD). The threat actor managed to encrypt LAUSD’s endpoints, but not before making away with folders named “SSN”, “Secret and Confidential”, “Passport”, and “Incident”.
The organization confirmed it had no intention of paying the ransom demand: “Los Angeles Unified remains firm that dollars must be used to fund students and education,” the organization had said. “Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
LAUSD encompasses more than a thousand schools, 26,000 teachers, and 600,000 students.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
I review TVs for a living and this record-low price on the Hisense U8N is one of the best early Black Friday deals I’ve seen
