Dozens of Schools Targeted by Vice Society Ransomware in 2022

Education sector attacks

• As mentioned by the CISA and Microsoft, Vice Society ransomware has been disproportionately targeting K-12 schools and higher education institutions.
• Researchers say hackers could be timing their campaigns to coincide with this sector’s unique calendar year - the transition period between the beginning and end of the school year.

Other targets

• Other industry verticals it targets include healthcare,  NGOs, government organizations, and manufacturing. 
• Overall, the group has impacted more than 100 organizations in different sectors since it started its operations.
• The ransomware has the largest number of victims in the U.S., followed by the U.K, Spain, France, Brazil, Germany, and Spain.

Worth noting

• Unlike other ransomware groups, Vice Society does not follow the RaaS business model.
• Instead, the group utilizes pre-existing ransomware families such as HelloKitty and Zeppelin to extort victims. 
• Both the ransomware are being used as primary payloads by Vice Society affiliates in their infection chain.

Ransomware attacks on the education sector persist

• Throughout November, the education sector witnessed persistent attacks by Hive ransomware.
• At least five attacks were reported against K-12 schools and universities, of which two leaked the stolen information. 
• One of these attacks was launched against Guilford College in North Carolina, wherein the attackers stole sensitive data of students, faculty, and staff.

What to infer?