Vice Society Ransomware Gang Strikes Again
Notorious Ransomware Gang Leaks Data Stolen from Two of Its Latest Victims.
The name of the ransomware gang known as Vice Society is now linked to new victims, as stolen data is being leaked on the group`s Tor leak site. This time, the targeted organizations are the Cincinnati State Technical and Community College and IKEA stores in Morocco and Kuwait.
Another Hit to the Educational Sector
Following a cyberattack claimed by the threat actors behind the Vice Society ransomware operation, the stolen data belonging to the Cincinnati State Technical and Community College is now being made accessible on the attacker`s Tor data leak site.
The hackers posted documents stolen from the college, some of which containing personal information, meaning the ransom has not been paid. The documents date from several years ago until November 24, 2022, hinting to a maintained access to the breached systems on behalf of the cybercriminals, but this has not been verified.
Cincinnati State college informed its 10,000 students and 1,000 staff members about the cybersecurity incident earlier this month, warning that online services and returning to regular operations will take time.
Last week, however, the institution issued an update, announcing the restoration of on-campus networks and email, partial internet access, as well as classroom computers.
Cincinnati State is investigating a cybersecurity incident that occurred in early November. The College is making excellent progress towards restoring many systems and services. Classes for students are continuing on all campuses and online. Email is operating.
Although the college has posted FAQs for the employees and students, guiding them on how to interact with the administration until systems return to normal, voicemail, network printing, VPN access, network and intranet shared drives, as well as online application and registration portals are still unavailable.
IKEA on the List of Targets
The Swedish-Dutch furniture manufacturer headquartered in the Netherlands, operates two stores in Jordan, three in Kuwait, and four in Morocco. According to Cybernews, Vice Society posted data taken from IKEA stores in Morocco and Kuwait, with snippets from the gang’s leak site suggesting they managed to steal confidential business data and even sensitive employee information. However, some file names suggest that threat actors might have taken data from IKEA stores in Jordan as well.
Targeting IKEA is not out of character for Vice Society. Although one third of the ransomware gang`s victims consist of education and healthcare entities, the retail sector makes up to 7%.
Vice Society in Review
The Vice Society ransomware gang has been operating at least since late 2020 and, due to similar tactics and file naming, there has been speculation that Vice Society was tied to another ransomware group known as HelloKitty.
Vice Society is known for targeting educational institutions ranging from school districts to universities. Back in October, my colleague Maria, covered the Microsoft advisory regarding the gang`s operations against the education sector.
According to BleepingComputer, back in September the FBI warned about Vice Society’s focus on schools and universities after seeing the threat group targeting the education sector disproportionately. U.S entities are not the only ones targeted by the cybergang, international educational institutions have also fallen victim, one example being the Medical University of Innsbruck in Austria.
However, it is clear that Vice Society does not always target schools and universities. Back in June, the ransomware gang claimed responsibility for an attack that targeted the capital of the Italian island of Sicily, Palermo. The incident affected 1.3 million locals and tourists, causing a large-scale service outage.