"CISA, FBI Warn of Vice Society Ransomware Attacks on Schools"
The FBI and the US Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning that Vice Society is "disproportionately" targeting the education sector with ransomware attacks, and they expect attacks to increase as school districts across the country begin their academic years in the coming weeks. Vice Society is a double extortion ransomware group that was discovered in 2021 and was recently identified by FBI investigations. The group has used Hello Kitty/Five Hands ransomware and Zeppelin ransomware, but the FBI and CISA said that it might use other ransomware variants in the future. Typically, the group has used Internet-facing applications to compromise credentials and gain initial network access. After gaining access to domain administrator accounts, the group runs scripts to change the passwords of targets' network accounts, preventing victims from remediating the attack. The security advisory detailed the group's toolkit for moving laterally, which includes SystemBC, PowerShell Empire, and Cobalt Strike. The actors were also seen escalating their privileges by exploiting PrintNightmare, a set of vulnerabilities in the Windows Print Spooler service that attackers can use to achieve remote code execution (RCE) on target machines. Vice Society has also used several tactics to maintain persistence, such as leveraging scheduled tasks and creating undocumented autostart Registry keys. This article continues to discuss the US government agencies' warning about Vice Society ransomware attacks on schools.
Decipher reports "CISA, FBI Warn of Vice Society Ransomware Attacks on Schools"