
Vice Society Ransomware

Vice Society is a ransomware threat that can devastate both Windows and Linux installations. It employs a powerful encryption algorithm to lock the data stored on infected systems. The Vice Society gang is a relatively new player on the ransomware landscape. The cybercriminal group emerged in mid-2021 and so far appears to concentrate its attacks mostly on mid-sized organizations. More specifically, the hackers are attacking public school districts alongside other educational institutions.

The Vice Society group employs a double-extortion scheme in which it obtains sensitive data from compromised devices and then threatens to release it to the public. The group has a dedicated leak website, where the information of victims who refuse to pay the demanded ransom is published. As part of the attack, Vice Society also deletes backups to prevent an easy recovery of the locked files. In addition, the hackers try to bypass the native Windows security measures to escalate their privileges, while also gaining access to user credentials. Most notably, however, the Vice Society gang has managed to rapidly adapt and incorporate the recently discovered PrintNightmare vulnerabilities into its attack chain, joining other ransomware groups such as Conti and Magniber.

Microsoft is Trying to Close PrintNightmare Exploits

PrintNightmare consists of a set of security flaws (CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) related to the Windows print spooler service, the Windows Point and Print feature, and Windows print drivers. The vulnerabilities allow attackers to move laterally within the victim's network via local privilege escalation. Due to the severity of the disclosed exploits, Microsoft has been trying to rapidly release security patches addressing the issues. So far, three patches released between June and August were needed to stop the CVE-2021-1675 and CVE-2021-34527 bugs. The last vulnerability remains unpatched for now, but Microsoft has published a security advisory with a workaround. It is extremely important to take adequate measures to protect your systems from the PrintNightmare exploits. Otherwise, the consequences could be costly.

