Vice Society Ransomware Attackers Adopt Robust Encryption Methods

SentinelLabs disclosed that the Vice Society group has adopted a new custom-branded ransomware payload in recent intrusions, dubbed ‘PolyVice,’ which implements an encryption scheme using the NTRUEncrypt and ChaCha20-Poly1305 algorithms.

Vice Society Ransomware

Vice Society, active since June 2021, has been steadily observed encrypting and exfiltrating victim data, and threatening companies with exposure of siphoned information to pressure them into paying a ransom.

SentinelLabs identified a ransomware deployment that appended the file extension .ViceSociety to all encrypted files in addition to dropping ransom notes with the file name ‘AllYFilesAE’ in each encrypted directory.

Vice Society has used a toolkit overpopulated with different ransomware strains and variants. PolyVice ransomware is a 64-bit binary that uses multi-threading for parallel symmetric data encryption, making full use of the victim’s processor to speed up the encryption process.

Cocomazzi concluded that the Vice Society group has established itself as a highly resourced and capable threat actor, able to carry out ransom attacks against large environments and with connections within the criminal underground. “The adoption of the PolyVice Ransomware variant has further strengthened their ransomware campaigns, enabling them to quickly and effectively encrypt victims’ data using a robust encryption scheme,” he added.

All these features indicate that whoever develops the new ransomware strains used by Vice Society, as well as the Chilly and SunnyDay ransomware, is an experienced and knowledgeable malware creator.

Indicators of Compromise

File Extension

.ViceSociety
.v-society
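
A triage sweep for the two file artifacts this article reports, the appended extensions above and the ‘AllYFilesAE’ ransom note dropped in each encrypted directory. This is an added example, not SentinelLabs code; the function names, the stem-based note match and the demo tree are assumptions made for illustration.

```python
import os
import sys
import tempfile

ENCRYPTED_EXTENSIONS = (".vicesociety", ".v-society")  # from this article
RANSOM_NOTE_STEM = "allyfilesae"  # note name from this article, lowercased
# Constructed sample tree (not real victim data): directory -> file names.
DEMO_TREE = {
    "finance": ["q1.xlsx.ViceSociety", "q2.xlsx.ViceSociety", "AllYFilesAE.txt"],
    "hr": ["cv.pdf.v-society", "policy.pdf"],
    "public": ["readme.txt"],
}

def build_demo(base):
    """Create DEMO_TREE as empty files under base."""
    for folder, names in DEMO_TREE.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "w").close()

def sweep(root):
    """Map each directory under root that holds an artifact to its counts."""
    findings = {}
    for dirpath, _dirs, filenames in os.walk(root):
        encrypted, note = 0, False
        for name in filenames:
            lower = name.lower()
            if lower.endswith(ENCRYPTED_EXTENSIONS):
                encrypted += 1
            # Assumption: match the note on its stem so any extension is caught.
            elif os.path.splitext(lower)[0] == RANSOM_NOTE_STEM:
                note = True
        if encrypted or note:
            findings[dirpath] = (encrypted, len(filenames), note)
    return findings

def report(root):
    """Return (directory, label, encrypted, total) rows, most affected first."""
    rows = []
    for path, (enc, total, note) in sweep(root).items():
        label = "note+files" if note and enc else "note-only" if note else "files-only"
        rows.append((path, label, enc, total))
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else tempfile.mkdtemp()
    if len(sys.argv) < 2:
        build_demo(root)  # no path given: run against the constructed tree
    for path, label, enc, total in report(root):
        print(f"{label:<11} {enc:>4}/{total:<4} {path}")
```

Directories labelled `files-only` or `note-only` do not match the pattern the article describes (note plus renamed files) and are worth a manual look before scoping a restore.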

Email Accounts

v-society.official@onionmail[.]org
EliasDibbert@onionmail[.]org
YvoneKirlin@onionmail[.]org
NormanTerry@onionmail[.]org
SylvesterTurcotte@onionmail[.]org
vsociethok6sbprvevl4dlwbqrzyhxcxaqpvcqt5belwvsuxaxsutyad[.]onion

About the Author:

FirstHackersNews- Identifies Security
