A ransomware gang that has been increasingly disproportionately targeting the education sector is the subject of a joint warning issued by the FBI, CISA, and MS-ISAC.

The Vice Society ransomware group has been breaking into schools and colleges, exfiltrating sensitive data, and demanding ransom payments. The threat? If the extortionists aren’t paid, you may not be able to unlock your encrypted files, and the attackers may leak the information they have stolen from your servers online.

According to the advisory, Vice Society most likely gains its initial access to a network through compromised login credentials by exploiting unspecified internet-facing applications.

Once inside the network, the hackers spend their time exploring the IT systems they have compromised, identifying further opportunities to increase their access to sensitive data, and exfiltrating information with the intention of releasing it if a ransom payment is not forthcoming.

The group’s modus operandi can involve the exploitation of known vulnerabilities (such as the so-called PrintNightmare vulnerability found in Windows’ print spooler service) to spread laterally within an organisation.

Once sensitive data has been stolen, the group launches the ransomware attack which encrypts data and displays a ransom demand, saying that documents, photographs and databases have been stolen and encrypted, and that the contents of the files will be shared on an underground website if negotiations do not begin within seven days.

Past victims of the Vice Society attacks have included school districts and educational establishments in the United States, United Kingdom, Australia, and elsewhere.

The criminals attempt to maximise their profits by urging their victims not to seek help from third party recovery services as it “may cause increased price (they add their fee to ours) or you can become a victim of a scam.”

Unfortunately, the criminals behind the Vice Society group appear to be (Read more...)