The ransomware gang appears to have called their victims’ bluff and published files in retaliation for non-payment.
The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian media company this week.
The first attack targeted Spar wholesaler James Hall & Co. on Dec. 6. That attack resulted in Spar stores being unable to take card payments at some 600 stores across the north of England. Some Spar stores were forced to close from the ransomware attack, while others remained open but accepted only cash payments.
The ransomware group Vice Society said on its dark web page that it had infected James Hall and & Co. along with Heron and Brearley, owner of Mannin Retail. This company owns 19 Spar stores on the Isle of Man. In addition to taking credit for the attack, Vice Society dumped more than 93,000 stolen files. This suggests that neither company paid the ransom demanded in the attack.
Vice Society is also being linked to a new ransomware attack that targeted Norway-based media company Amedia AS, which publishes more than 70 newspapers. The attackers struck on Tuesday and forced the company to shut off its presses. As of Wednesday, the company said that it would “take time before the situation is normal.”
Specializing in a “double tap” ransomware attack
Vice Society, believed to be a spinoff of the HelloKitty ransomware gang, emerged earlier this year. It uses various methods to gain access to victims’ networks, including exploiting PrintNightmare.
According to HIPAA Journal, Vice Society is known for exfiltrating data from victims’ systems before using ransomware to encrypt files, a so-called double-tap ransomware attack. The data is then published on its data leak site to pressure victims into paying a ransom.
The gang was also behind an attack on United Health Centers, a medical services provider in California in August that resulted in the disruption of services and patient data theft. Vice Society took credit for the attack in September.
2 hours ago
