Vice Society is a little-known double extortion group that recently joined the cybercrime ecosystem. Since then, it has shown steady activity, encrypting and exfiltrating its victims' data and threatening to leak that information to pressure them into paying a ransom.
Unlike other RaaS (Ransomware-as-a-Service) double extortion groups, Vice Society focuses on gaining access to the victim's system in order to deploy ransomware binaries sold on dark web forums. This is likely a way for the group to avoid spending resources on developing its own ransomware.
To conduct its operations, Vice Society uses the Zeppelin and HelloKitty ransomware.
Our Threat Detection and Research team has written an article in which they perform a technical analysis of the Vice Society ransomware group. There you will find IoCs and a YARA rule to detect it.