article featured image


Vice Society ransomware seemed to favor educational institutions in their attacks in 2022. The Cybercrime group targeted 33 schools in the last year, surpassing other threat actors like LockBit, BlackCat, BianLian, and Hive.

Other industry verticals that attracted unwanted attention were governments, healthcare, manufacturing, commerce, and legal services

Technical Details

Vice Society ransomware does not have a ransomware variant of its own, they are using pre-existing ransomware families like HelloKitty and Zeppelin. And in some cases, the group avoids deploying ransomware altogether and carries out extortion using exfiltrated stolen data.

Educational Institutions, the Favorite Targets of Vice Society Ransomware in 2022



Initial access is obtained using compromised credentials by leveraging internet-facing applications and abusing known vulnerabilities to escalate privileges.

Six days after the initial infection the ransom demanded by Vice Society ransomware can reach $1 million but the numbers may drop after negotiations up to $460,000.

School districts with limited cybersecurity capabilities and constrained resources are often the most vulnerable to threat actors. The opportunistic targeting often seen with cybercriminals can put even school districts with robust cybersecurity programs at risk. K-12 institutions may be seen as particularly lucrative targets due to the amount of sensitive student data accessible through school systems or their managed service providers.


Vice Society Ransomware in Numbers

Vice Society ransomware is active since May 2021 but this year we see a raise in this group’s activity, Unit 42 naming it among “the top 10 of the most impactful ransomware gangs of 2022”.

Since it started, Vice impacted over 100 companies in total, and more than 90 of them were attacked in 2022 as shown by the gang’s leak site.

“Of the 100 organizations affected in total, 35 cases have been reported from the U.S., followed by 18 in the U.K., seven in Spain, six each in Brazil and France, four each in Germany and Italy, and three cases in Australia”, according to The Hacker News.

If you liked this article, follow us on LinkedInTwitterFacebookYouTube, and Instagram for more cybersecurity news and topics.

Author Profile

Andreea Chebac

Digital Content Creator

Andreea is a digital content creator within Heimdal® with a great belief in the educational power of content. A literature-born cybersecurity enthusiast (through all those SF novels…), she loves to bring her ONG, cultural, and media background to this job.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo