Microsoft claims this devious ransomware gang is attacking schools

A well-known ransomware operator has been targeting schools in the United States, using its signature move of swapping ransomware payloads, experts have claimed.

In a report, Microsoft researchers claim to have observed Vice Society switching ransomware payloads in attacks against schools in the US between July and October this year.

The company’s latest cybersecurity report claims the group regularly swaps between BlackCat, QuantumLocker, Zeppelin, and a Zeppelin variant modified to carry Vice Society’s brand identity. Since September, though, the group has also started deploying a modified version of the RedAlert payload, which adds the .locked file extension to all the files it encrypts.

Stealing sensitive data

The group has also reportedly been using the HelloKitty/Five Hands ransomware, and in some cases, Microsoft added, it skips the encryption part altogether and just steals the data. Later, it threatens to release the data to the public unless the ransom demand is met.

"In several cases, Microsoft assesses that the group did not deploy ransomware and instead possibly performed extortion using only exfiltrated stolen data," Microsoft’s report reads. "The shift from a ransomware as a service (RaaS) offering (BlackCat) to a purchased wholly-owned malware offering (Zeppelin) and a custom Vice Society variant indicates DEV-0832 has active ties in the cybercriminal economy and has been testing ransomware payload efficacy or post-ransomware extortion opportunities."

In September 2022, Vice Society released 500GB worth of sensitive data belonging to the Los Angeles Unified School District (LAUSD). The threat actor managed to encrypt LAUSD’s endpoints, but not before making off with folders named “SSN”, “Secret and Confidential”, “Passport”, and “Incident”.

The organization confirmed it had no intention of paying the ransom demand: "Los Angeles Unified remains firm that dollars must be used to fund students and education," the organization said. "Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate."

LAUSD encompasses more than a thousand schools, 26,000 teachers, and 600,000 students.

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/HfSQI2N