June 21, 2024



‘Ruthless’ Vice Society claims responsibility for Spar attack

Ransomware gang Vice Society has claimed responsibility for an attack that shut down card payment machines in 600 UK branches of the Dutch grocery store chain Spar. It is the most recent in a string of hacks claimed by the gang, which has been noted for its willingness to target critical public infrastructure such as educational institutions and hospitals.

Vice Society has claimed responsibility for a ransomware attack on Spar. (Photo by NurPhoto/Getty)

Vice Society and the Spar hack

Last month, a ransomware attack on James Hall and Company, which provides wholesale and IT services to Spar in the UK, took down card machines in 600 stores and forced some to close their doors.

At the end of December, Vice Society claimed responsibility for the attack on its homepage on the dark web. The group listed its “partners” as “Spar, James Hall and Company and Heron and Brearley,” the latter being Spar’s other wholesaler in the UK and Isle of Man.

Although there is little detail of the hack itself, the fact that stolen data has reportedly appeared on the dark web suggests that no ransom was paid, says Steve Forbes, head of cyber product at Nominet. “Spar of course had superior continuity options in place that enabled it to keep the rest of the business running,” adds Forbes, noting that only a handful of branches had to close.

What is Vice Society?

Vice Society was first seen carrying out attacks in mid-2021, and the gang has been noted for its ruthless behaviour. “They never appear to have any ethics or morals in terms of who they’re focusing on,” says Forbes. The group has claimed responsibility for attacks on several school districts, including the Manhasset Union Free School District in Long Island, and healthcare providers such as the United Health Centers of San Joaquin Valley, California.

Vice Society appears to have a high level of technical skill, with its malware being able to remain in systems undetected. “We have noticed them being cautious to disable and wipe system logs to help cover their traces in the course of their attacks,” explains Martin Lee, technical lead of security research at security company Cisco Talos.

The group’s past attacks may shed some light on how the Spar hack was carried out, says Forbes. “There’s unquestionably the indicator that they’ve employed the PrintNightmare vulnerability, that appears to be their default process of entry,” he says.

The PrintNightmare vulnerability is a Windows print spooler remote code execution vulnerability that appeared in the second half of 2021. “Vice Society is one of a small number of ransomware groups who have been noticed employing the PrintNightmare vulnerability from early August 2021,” says Chris Morgan, senior cyber threat intelligence analyst at security company Digital Shadows. “The group uses the exploit to acquire additional privileges as soon as they have compromised a target’s network. We can only assume that is what has transpired in (the case of Spar) as well.”

While Vice Society was first seen by researchers last year, it is believed to be strongly linked to an established ransomware group called HelloKitty, and could even be a reincarnation of the group. HelloKitty has been active as recently as December, and the FBI believes the gang is based in Ukraine.

“They [Vice Society] are allegedly linked to the HelloKitty ransomware group, based mostly on similarities with some of their encryption modules,” Digital Shadows’ Morgan says. Forbes agrees: “I know they’ve been linked to HelloKitty mainly because they have pretty comparable tools and procedures that they use to infiltrate networks and to spread laterally,” he adds.


Claudia Glover is a staff reporter on Tech Monitor.