Vice Society Ransomware Attackers Adopt Robust Encryption Methods

Dec 23, 2022 The Hacker News

The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors.

“This ransomware variant, dubbed ‘PolyVice,’ implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms,” SentinelOne researcher Antonio Cocomazzi said in an analysis.

Vice Society, which is tracked by Microsoft under the moniker DEV-0832, is an intrusion, exfiltration, and extortion hacking group that first appeared on the threat landscape in May 2021.

Unlike other ransomware gangs, the cybercrime actor does not use file-encrypting malware developed in-house. Instead, it is known to deploy third-party lockers such as Hello Kitty, Zeppelin, and RedAlert ransomware in its attacks.

Per SentinelOne, indications are that the threat actor behind the custom-branded ransomware is also selling similar payloads to other hacking crews, based on PolyVice’s extensive similarities to the ransomware strains Chily and SunnyDay…