According to report Palo Alto Networks Unit 42, the Vice Society grouping in 2022 Attrained 33 educational educational Institutions, this is more than other robbers, such as Lockbit, BlackCat, Bianlian and Hive.
Palo Alto Networks called Vice Society “one of the most influential groups of extortion of 2022.” In total, the victims of the group were companies from the healthcare sector, government, production, retail and legal services.
out of 100 touched organizations:
- 35 are based in the USA;
- 18 in the UK;
- 7 in Spain;
- 6 in Brazil;
- 6 V. France;
- 4 in Germany;
- 4 in Italy;
- 3 in Australia.
Vice Society, which has been working since May 2021, differs from other extortion groups in that it uses not its own software, but already finished binary files of Hellokitty and Zeppelin extortion, which are sold on underground forums.
According to Microsoft, which has assigned the DEV-0832 identifier to the group, in some cases, Vice Society does not deploy the Raising Program, but penetrates the network and exfilters the data. And then threatens to publish stolen information, if the victim does not pay the ransom.
Initial access to the network is carried out through compromised accounting data or the operation of vulnerabilities in raising privileges.
Group statistics by industries
Unit 42 analysts said that the group’s stay in the victims is 6 days, and the initial ransom amount may exceed $ 1 million, but after negotiations it may decrease by 60% to $ 400 thousand
Unit 42 J. R. Gumarin said that school districts with weak cyber protection and limited resources are often the most vulnerable to Vice Society.