We’ve done a lot of reporting the past few months on cybercrime group Vice Society. The criminal group was responsible for the ransomware attack against the Los Angeles Unified School District – which exposed personal data of both students and staff in the district.

They’re making headlines again because Cybersecurity Company Palo Alto Networks Unit 42 has deemed the group one of the “most impactful ransomware gangs of 2022.”

In addition to the educational sector, Vice Society has targeted healthcare, government, manufacturing, retail and legal services as well.  The attacks aren’t held to within the United States, either. The cybercriminals have carried out attacks in the U.K., Space, Brazil, France, Germany, Italy and Australia too.

Vice Society is unique in that they don’t use their own form of ransomware to conduct their attacks. Instead, they rely on pre-existing ransomware to do their dirty work for them. Examples include HelloKitty and Zeppelin.

Vice Society uses compromised credentials to initially gain access to a victim’s system, and then from there will take advantage of known security flaws to escalate privileges.

Unit 42’s analysis of the gangs’ efforts explains how the group has a dwell time of six days inside of the victims’ environment, and that initial ransom payment amounts exceed $1 Million dollars. They also note that these initial monetary demands could drop upwards of 60% during negotiations.

“School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable to threat actors,” JR Gumarin, Researcher at Unit 42 said.

“Vice society and its consistent targeting of the education industry vertical, particularly around the September time frame, serves as a warning that this group has shaped their campaigns to take advantage of the school year in the U.S.”

Story via The Hacker News