NewsOnline Security

Grand Theft Cyber – Vice Society

If you follow our ransomware news, you’re definitely familiar with ransomware families such as HIVE, LockBit, BlackCat, and BianLian. These are the most known ransomware groups in recent years. But what if we told you that there’s one that has surpassed them in 2022? Enter Vice Society.

The Vice Society threat actors have been very active lately, targeting all kinds of prominent industry verticals, including healthcare and government. However, this ransomware gang seems keen on targeting educational institutions lately.

With around 40 cases (Education only), Vice Society does not appear to be stopping its malicious activities anytime soon. What is Vice Society, and how do they implement their practices? Here’s what we know.

Vice Society – Not Your Typical Ransomware

Ransomware attacks are on the rise, and threat actors are not differentiating between industries anymore. Everyone is a target, and educational institutions have recently been in the spotlight.

Yes, the education industry has suffered such attacks before. In fact, a couple of months ago, reports stated that the Transparent Tribe group targeted students in India with continuous phishing attacks.

While that’s a small-scale campaign, it sure did have an impact. Now, with Vice Society, the scale is even bigger as their attacks spread across several countries, including the US, the UK, Spain, Brazil, France, Germany, Italy, and Australia.

World Spread Vice Society
Source: Unit 42

As the title of this section reflects, Vice Society does not operate as the other families do. It doesn’t use a ransomware variant of its own.

Instead, it operates with pre-existing ransomware binaries that can be found on underground forums. We’re referring to the likes of HelloKitty and Zeppelin.

According to Cybersecurity and Infrastructure Security Agency (CISA), Vice Society obtains initial network access through compromised credentials. Not only that, but the ransomware group exploits security flaws to exfiltrate the desired data.

Once the ransomware takes root, victims will find a note that looks exactly like the one presented below:

Vice Society Leak Site

In the last part of the note, the threat actors warn their victims about trying to decrypt their files using third-party software. They state that they might fall victim to scams. Look at that; so thoughtful!

The report by Unit 42 shows that victims have around six days to pay a ransom that might exceed $1 million. This price might get a 60% drop if negotiations are successful.

The attacks on educational institutions peaked in September 2022. This proves one thing, the Vice Society group is shaping its campaigns to take advantage of this school year in the U.S.

G.T.C: Vice Society – Every School Has a Bully

Threat actors are bullies, and bullies target those who are weak and helpless. That’s why educational institutions with limited resources and cybersecurity capabilities are often the most vulnerable to cyberattacks.

Vice Society is a capable ransomware family targeting companies from various departments. Everyone should take proper precautions to fend off such attacks, starting with fixing system vulnerabilities.

It doesn’t stop here. Users are advised to stay vigilant when they’re browsing the web. Avoid clicking on any shady URL or following a link embedded within a received email. Stay Safe.

Jonathan Beesly

Jonathan is the main author at He regularly publishes posts that aim to introduce better cyber-security practices to the masses.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Articles

Back to top button