Vice Society | Breaking Cybersecurity News | The Hacker News

Category — Vice Society
Rhysida Ransomware Cracked, Free Decryption Tool Released

Feb 12, 2024 Vulnerability / Data Recovery
Cybersecurity researchers have uncovered an "implementation vulnerability" that has made it possible to reconstruct encryption keys and decrypt data locked by Rhysida ransomware. The findings were published last week by a group of researchers from Kookmin University and the Korea Internet and Security Agency (KISA). "Through a comprehensive analysis of Rhysida Ransomware, we identified an implementation vulnerability, enabling us to regenerate the encryption key used by the malware," the researchers said. The development marks the first successful decryption of the ransomware strain, which first made its appearance in May 2023. A recovery tool is being distributed through KISA. The study is also the latest to achieve data decryption by exploiting implementation vulnerabilities in ransomware, after Magniber v2, Ragnar Locker, Avaddon, and Hive. Rhysida, which is known to share overlaps with another ransomware crew called Vice Society, leverages a ta
New Report Exposes Vice Society's Collaboration with Rhysida Ransomware

Aug 09, 2023 Cyber Threat / Ransomware
Tactical similarities have been unearthed between the double extortion ransomware group known as Rhysida and Vice Society, including in their targeting of education and healthcare sectors. "As Vice Society was observed deploying a variety of commodity ransomware payloads, this link does not suggest that Rhysida is exclusively used by Vice Society, but shows with at least medium confidence that Vice Society operators are now using Rhysida ransomware," Check Point said in a new report. Vice Society, tracked by Microsoft under the name Storm-0832, has a pattern of employing already existing ransomware binaries that are sold on criminal forums to pull off their attacks. The financially motivated gang has also been observed resorting to pure extortion-themed attacks wherein the data is exfiltrated without encrypting it. First observed in May 2023, the Rhysida ransomware group is known to rely on phishing attacks and Cobalt Strike to breach targets' networks and
The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024 Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity. Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
Vice Society Ransomware Using Stealthy PowerShell Tool for Data Exfiltration

Apr 17, 2023 Ransomware / Cyber Attack
Threat actors associated with the Vice Society ransomware gang have been observed using a bespoke PowerShell-based tool to fly under the radar and automate the process of exfiltrating data from compromised networks. "Threat actors (TAs) using built-in data exfiltration methods like [living off the land binaries and scripts] negate the need to bring in external tools that might be flagged by security software and/or human-based security detection mechanisms," Palo Alto Networks Unit 42 researcher Ryan Chapman said. "These methods can also hide within the general operating environment, providing subversion to the threat actor." Vice Society, tracked by Microsoft under the name DEV-0832, is an extortion-focused hacking group that emerged on the scene in May 2021. It's known to rely on ransomware binaries sold on the criminal underground to meet its goals. In December 2022, SentinelOne detailed the group's use of a ransomware variant, dubbed PolyVi
Vice Society Ransomware Attackers Adopt Robust Encryption Methods

Dec 23, 2022 Ransomware / Endpoint Security
The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors. "This ransomware variant, dubbed 'PolyVice,' implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms," SentinelOne researcher Antonio Cocomazzi said in an analysis. Vice Society, which is tracked by Microsoft under the moniker DEV-0832, is an intrusion, exfiltration, and extortion hacking group that first appeared on the threat landscape in May 2021. Unlike other ransomware gangs, the cybercrime actor does not use file-encrypting malware developed in-house. Instead, it's known to deploy third-party lockers such as Hello Kitty, Zeppelin, and RedAlert ransomware in its attacks. Per SentinelOne, indications are that the threat actor behind the custom-branded ransomware is also selling similar payloads to other hacking crews based on PolyVice's extensive similarities to ra
Vice Society Ransomware Attackers Targeted Dozens of Schools in 2022

Dec 07, 2022 Cyber Crime / Ransomware
The Vice Society cybercrime group has disproportionately targeted educational institutions, accounting for 33 victims in 2022 and surpassing other ransomware families like LockBit, BlackCat, BianLian, and Hive. Other prominent industry verticals targeted include healthcare, governments, manufacturing, retail, and legal services, according to an analysis of leak site data by Palo Alto Networks Unit 42. The cybersecurity company called Vice Society one of the "most impactful ransomware gangs of 2022." Of the 100 organizations affected in total, 35 cases have been reported from the U.S., followed by 18 in the U.K., seven in Spain, six each in Brazil and France, four each in Germany and Italy, and three cases in Australia. Active since May 2021, Vice Society stands apart from other ransomware crews in that it does not use a ransomware variant of its own, rather relying on pre-existing ransomware binaries such as HelloKitty and Zeppelin that are sold on underground forums.
Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector

Oct 26, 2022
A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the group avoids deploying ransomware in some cases and rather likely carries out extortion using exfiltrated stolen data. "Shifting ransomware payloads over time from BlackCat, Quantum Locker, and Zeppelin, DEV-0832's latest payload is a Zeppelin variant that includes Vice Society-specific file extensions, such as .v-s0ciety, .v-society, and, most recently, .locked," the tech giant's cybersecurity division said. Vice Society, active since June 2021, has been steadily observed encrypting and exfiltrating victim data, and threatening companies with exposure of siphoned information to pressure them into paying a ransom. "Unlike other RaaS (Ransomware-as-a-Service)