Ransomware gang Vice Society has claimed responsibility for an attack that shut down card payment devices in 600 UK branches of the Dutch supermarket chain Spar. It is the latest in a string of hacks claimed by the gang, which has been noted for its willingness to target critical public infrastructure such as schools and hospitals.
Vice Society and the Spar hack
Last month, a ransomware attack on James Hall and Company, which provides wholesale and IT products and services to Spar in the UK, took down card devices in 600 stores and forced some to shut their doors.
At the end of December, Vice Society claimed responsibility for the attack on its homepage on the dark web. The group listed its “partners” as “Spar, James Hall and Company and Heron and Brearly,” the latter being Spar’s other wholesale companies in the UK and Isle of Man.
While there is little detail of the hack itself, the fact that stolen data has reportedly appeared on the dark web indicates that no ransom was paid, says Steve Forbes, head of cyber solution at Nominet. “Spar clearly had good continuity plans in place that enabled it to keep the rest of the business running,” adds Forbes, noting that only a handful of branches had to shut.
What is Vice Society?
Vice Society was first seen carrying out attacks in mid-2021, and the gang has been noted for its ruthless behaviour. “They never seem to have any ethics or morals in terms of who they are targeting,” says Forbes. The group has claimed responsibility for attacks on numerous school districts, including the Manhasset Union Free School District in Long Island and healthcare companies such as the United Health Centers of San Joaquin Valley, California.
Vice Society appears to possess a high level of technical skill, with its malware being able to remain in systems undetected. “We have seen them being careful to disable and wipe system logs to help cover their traces during their attacks,” explains Martin Lee, technical lead of security research at security company Cisco Talos.
The group’s previous attacks may shed some light on how the Spar hack was conducted, says Forbes. “There’s definitely the indication that they’ve used the PrintNightmare vulnerability, that seems to be their default method of entry,” he says.
The PrintNightmare vulnerability is a Windows print spooler remote code execution vulnerability that appeared in the second half of 2021. “Vice Society is one of a small number of ransomware groups who have been seen using the PrintNightmare vulnerability from early August 2021,” says Chris Morgan, senior cyber threat intelligence analyst at security company Digital Shadows. “The group uses the exploit to gain additional privileges once they have compromised a target’s network. We can only assume that is what has happened in (the case of Spar) as well.”
While Vice Society was first seen by researchers last year, it is thought to be strongly related to an established ransomware group called HelloKitty, and could even be a reincarnation of the group. HelloKitty has been active as recently as December, and the FBI believes the gang is based in Ukraine.
“They [Vice Society] are allegedly linked to the HelloKitty ransomware group, based on similarities with some of their encryption modules,” Digital Shadows’ Morgan says. Forbes agrees: “I know they’ve been linked to HelloKitty because they have very similar tools and techniques that they use to infiltrate networks and to spread laterally,” he adds.
Claudia Glover is a staff reporter on Tech Monitor.