Microsoft claims this insidious ransomware gang is attacking schools
One well-known ransomware operator has been targeting US schools, using a signature move of swapping ransomware payloads, experts claim.
Microsoft researchers report that they observed Vice Society deploying ransomware in attacks against US schools between July and October of this year.
The company’s latest cybersecurity report claims the group regularly swaps between BlackCat, QuantumLocker, Zeppelin, and a Zeppelin variant modified to carry Vice Society’s branding. As of September, it has also started rolling out a modified version of the RedAlert payload that adds the .locked file extension to all files it encrypts.
Stealing sensitive data
The group is also said to be using the HelloKitty/Five Hands ransomware, and in some cases, Microsoft added, it skips the encryption stage entirely and only steals data. It then threatens to release the data to the public unless the ransom demand is met.
“In some cases, Microsoft assessed that the team did not deploy ransomware and was instead able to perform extortion simply using stolen data that was already stolen,” the Microsoft report reads. “The shift from ransomware as a service (RaaS) delivered (BlackCat) to fully owned malware (Zeppelin) and a custom Vice Society variant shows that DEV-0832 has a positive relationship extreme in the cybercrime economy and has tested effective ransomware payloads or post-ransomware extortion opportunities.”
In September 2022, Vice Society released 500GB worth of sensitive data belonging to the Los Angeles Unified School District (LAUSD). The threat actor managed to encrypt LAUSD endpoints, but not before removing folders named “SSN”, “Secrets and Secrets”, “Passport” and “Incident”.
The organization confirmed it had no intention of paying the ransom: “Los Angeles Unified remains adamant that dollars must be used to fund students and education,” the organization said. “Paying a ransom never guarantees full data recovery, and Los Angeles Unified believes that public money is better spent on our students than surrendering to a nefarious criminal organization and illegal.”
LAUSD includes over a thousand schools, 26,000 teachers, and 600,000 students.
Via: BleepingComputer