Vice Society

Threat Actor updated 4 days ago (2024-11-29T14:10:13.861Z)
Vice Society, a threat actor or hacking team with malicious intent, has been active since 2022 and has made significant waves in the cybersecurity world. The group is known for deploying various forms of ransomware, including BlackCat, Quantum Locker, Zeppelin, and their own branded variant of Zeppelin ransomware. In 2023, they shifted to using Rhysida ransomware, which was linked to them by multiple researchers. Notably, Vice Society has been observed changing their ransomware payload over time, most recently adopting INC ransomware as of August 2024. Their activities have attracted the attention of law enforcement, leading to the disappearance of Royal ransomware and Vice Society's activities in the first half of 2023.

The group has primarily targeted educational and healthcare sectors, causing substantial damage and data breaches. In January 2023, they leaked confidential data from 14 schools online, including sensitive information about special educational needs (SEN), pupil passport scans, staff pay scales, and contract details. They were also responsible for a crippling attack on the Los Angeles Unified School District (LAUSD) in September 2022. Other significant attacks attributed to Vice Society include those on the University of Duisburg-Essen in Germany, the Kaiserslautern University of Applied Sciences, and the Hamburg University of Applied Sciences.

Rhysida, formerly known as Vice Society, continues to be a major threat, particularly due to its focus on targeting educational sectors. The group uses a double extortion tactic, threatening to release stolen data to pressure victims into paying ransoms. Two ransomware gangs, LockBit and Rhysida, were behind a significant increase in attacks, with more than 100 incidents attributed to them. As the trend of specialized ransomware groups like Rhysida targeting educational sectors continues, it becomes increasingly important to implement robust cybersecurity measures.
Description last updated: 2024-09-26T22:16:38.595Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias | Description | Votes
Rhysida | Rhysida is a possible alias for Vice Society. Rhysida is a globally active threat actor known for its ransomware operations, which have impacted a wide range of sectors, particularly the government and public sector. Their use of CleanUpLoader makes their operations highly effective and difficult to detect, as it not only facilitates persistenc | 7
Rhysida Ransomware | Rhysida Ransomware is a possible alias for Vice Society. The Rhysida ransomware, a malicious software known for exploiting and damaging computer systems, has been actively disrupting cybersecurity since May 2023. This malware infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal pe | 6
Vanilla Tempest | Vanilla Tempest is a possible alias for Vice Society. Vanilla Tempest, also known as Vice Society or DEV-0832, is a significant threat actor that has been increasingly active in the cybercrime landscape since 2022. This group primarily targets U.S. healthcare organizations and educational institutions, employing a variety of ransomware strains to execu | 3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Malware
RaaS
School
Exploits
Ransom
UK
Education
Windows
Healthcare
Extortion
Locker
Encryption
PowerShell
CISA
Vulnerability
Health
Phishing
Data Leak
Linux
Lateral Move...
Associated Malware
Alias | Description | Association Type | Votes
Clop | The Clop Malware is associated with Vice Society. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin | Unspecified | 4
Lockbit | The Lockbit Malware is associated with Vice Society. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers or | Unspecified | 4
REvil | The REvil Malware is associated with Vice Society. REvil, also known as Sodinokibi, is a malicious software (malware) that operates on a Ransomware as a Service (RaaS) model. This model became increasingly popular in 2020, with first-stage malware like Dridex and Gootkit being linked to ransomware attacks such as BitPaymer and REvil respectively. Th | Unspecified | 3
Hive | The Hive Malware is associated with Vice Society. Hive is a form of malware, specifically ransomware, designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Hive can steal personal information, disrupt operations, or hold data hostag | Unspecified | 3
Snatch | The Snatch Malware is associated with Vice Society. Snatch is a type of malware, specifically a ransomware, that poses significant threats to digital security. This malicious software infiltrates systems typically via suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Snatch can cause extensive damage, inc | Unspecified | 2
Systembc | The Systembc Malware is associated with Vice Society. SystemBC is a type of malware, or malicious software, known for its disruptive and exploitative nature. It infiltrates systems through dubious downloads, emails, or websites, often unbeknownst to the user. Once embedded, it can steal personal information, interrupt operations, or hold data hostage f | Unspecified | 2
Akira | The Akira Malware is associated with Vice Society. Akira is a potent ransomware that has been active since 2023, known for its aggressive encryption tactics and swift deployment. This malware, which brings a unique '80s aesthetic to the dark web, has quickly risen in prominence within the cybercrime landscape. It has targeted hundreds of victims glo | Unspecified | 2
Karakurt | The Karakurt Malware is associated with Vice Society. Karakurt is a malicious software (malware) that has been linked to significant data extortion activities. The malware is affiliated with the notorious Conti cybercrime syndicate and ITG23, which are known for their disruptive operations, including data theft and ransom demands. In 2023, there was a | Unspecified | 2
Black Basta | The Black Basta Malware is associated with Vice Society. Black Basta is a notorious malware group known for its sophisticated ransomware attacks, which have targeted numerous high-profile entities. The group has demonstrated a remarkable ability to adapt their tactics, techniques, and procedures (TTPs), allowing them to effectively evade security defenses | Unspecified | 2
Conti | The Conti Malware is associated with Vice Society. Conti is a type of malware, specifically ransomware, which is designed to infiltrate and damage computer systems. This malicious software can enter systems through various methods such as suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal persona | Unspecified | 2
Associated Threat Actors
Alias | Description | Association Type | Votes
Alphv | The Alphv Threat Actor is associated with Vice Society. Alphv, also known as BlackCat, is a threat actor group that has been linked to numerous cyberattacks, particularly targeting the healthcare sector. The group made headlines when it stole 5TB of data from Morrison Community Hospital, causing significant disruption and raising concerns about patient p | Unspecified | 6
BianLian | The BianLian Threat Actor is associated with Vice Society. BianLian is a threat actor that has been active in cybercrime, leveraging various techniques for malicious intent. Prior to January 2024, the group used an encryptor (encryptor.exe) that modified all encrypted files to have the .bianlian extension and created a ransom note in each affected directory | Unspecified | 2