‘Ruthless’ Vice Society claims responsibility for Spar attack

Ransomware gang Vice Society has claimed responsibility for an attack that shut down card payment machines in 600 UK branches of the Dutch grocery store chain Spar. It is the latest in a string of hacks claimed by the gang, which has been noted for its willingness to target critical public infrastructure such as universities and hospitals.

Vice Society has claimed responsibility for a ransomware attack on Spar. (Photograph by NurPhoto/Getty)

Vice Society and the Spar hack

Last month, a ransomware attack on James Hall and Company, which supplies wholesale and IT services to Spar in the UK, took down card machines in 600 stores and forced some to shut their doors.

At the end of December, Vice Society claimed responsibility for the attack on its homepage on the dark web. The group listed its “partners” as “Spar, James Hall and Company and Heron and Brearly,” the latter being Spar’s other wholesale company in the UK and Isle of Man.

Though there is little detail of the hack itself, the fact that stolen data has reportedly appeared on the dark web suggests that no ransom was paid, says Steve Forbes, head of cyber product or service at Nominet. “Spar naturally had excellent continuity plans in place that enabled it to keep the rest of the organization operating,” adds Forbes, noting that only a handful of branches had to shut.

What is Vice Society?

Vice Society was first spotted carrying out attacks in mid-2021, and the gang has been noted for its ruthless conduct. “They do not seem to have any ethics or morals in terms of who they’re targeting,” says Forbes. The group has claimed responsibility for attacks on various school districts, including the Manhasset Union Free School District in Long Island, and on healthcare providers such as the United Health Centers of San Joaquin Valley, California.

Vice Society appears to possess a high level of technical ability, with its malware being able to remain in systems undetected. “We have noticed them being very careful to disable and wipe system logs to help hide their traces during their attacks,” explains Martin Lee, technical lead of security research at security firm Cisco Talos.

The group’s previous attacks may shed some light on how the Spar hack was conducted, says Forbes. “There’s definitely the sign that they’ve used the PrintNightmare vulnerability, that would seem to be their default method of entry,” he says.

The PrintNightmare vulnerability is a Windows print spooler remote code execution vulnerability that appeared in the second half of 2021. “Vice Society is one of a small number of ransomware groups who have been seen using the PrintNightmare vulnerability from early August 2021,” says Chris Morgan, senior cyber threat intelligence analyst at security firm Digital Shadows. “The group uses the exploit to gain additional privileges once they have compromised a target’s network. We can only assume that is what has happened in (the case of Spar) as well.”

Though Vice Society was first spotted by researchers last year, it is thought to be strongly linked to an established ransomware group called HelloKitty, and could even be a reincarnation of the group. HelloKitty has been active as recently as December, and the FBI believes the gang is based in Ukraine.

“They [Vice Society] are allegedly linked to the HelloKitty ransomware group, based on similarities with some of their encryption modules,” Digital Shadows’ Morgan says. Forbes agrees: “I know they’ve been linked to HelloKitty because they have very similar tools and techniques that they use to infiltrate networks and to spread laterally,” he adds.

Reporter

Claudia Glover is a staff reporter on Tech Monitor.