Ransomware gang Vice Society has claimed responsibility for an attack that shut down card payment devices in 600 UK branches of the Dutch grocery store chain Spar. It is the latest in a string of hacks claimed by the gang, which has been noted for its willingness to target significant community infrastructure such as educational institutions and hospitals.
Vice Society and the Spar hack
Last month, a ransomware attack on James Hall and Company, which provides wholesale and IT services to Spar in the UK, took down card devices in 600 stores and forced some to close their doors.
At the end of December, Vice Society claimed responsibility for the attack on its homepage on the dark web. The group listed its “partners” as “Spar, James Hall and Company and Heron and Brearly,” the latter being Spar’s other wholesale company in the UK and Isle of Man.
While there is little detail of the hack itself, the fact that stolen data has reportedly appeared on the dark web implies that no ransom was paid, says Steve Forbes, head of cyber product at Nominet. “Spar obviously had good continuity plans in place that enabled it to keep the rest of the business operating,” adds Forbes, noting that only a handful of branches had to close.
What is Vice Society?
Vice Society was first spotted carrying out attacks in mid-2021, and the gang has been noted for its ruthless behaviour. “They don’t appear to have any ethics or morals in terms of who they’re targeting,” says Forbes. The group has claimed responsibility for attacks on various school districts, including the Manhasset Union Free School District in Long Island, and healthcare companies such as the United Health Centers of San Joaquin Valley, California.
Vice Society appears to possess a high level of technical skill, with its malware being able to remain in systems undetected. “We have seen them being careful to disable and wipe system logs to help hide their traces during their attacks,” explains Martin Lee, technical lead of security research at security company Cisco Talos.
The group’s previous attacks may shed some light on how the Spar hack was carried out, says Forbes. “There’s certainly the indication that they’ve used the PrintNightmare vulnerability, that seems to be their default method of entry,” he says.
The PrintNightmare vulnerability is a Windows print spooler remote code execution vulnerability that appeared in the second half of 2021. “Vice Society is one of a small number of ransomware groups who have been seen using the PrintNightmare vulnerability from early August 2021,” says Chris Morgan, senior cyber threat intelligence analyst at security company Digital Shadows. “The group uses the exploit to gain additional privileges once they have compromised a target’s network. We can only assume that is what has happened in (the case of Spar) as well.”
Although Vice Society was first spotted by researchers last year, it is thought to be strongly linked to an established ransomware group known as HelloKitty, and could even be a reincarnation of the group. HelloKitty has been active as recently as December, and the FBI believes the gang is based in Ukraine.
“They [Vice Society] are allegedly linked to the HelloKitty ransomware group, based on similarities with some of their encryption modules,” Digital Shadows’ Morgan says. Forbes agrees: “I know they’ve been linked to HelloKitty because they have very similar tools and techniques that they use to infiltrate networks and to spread laterally,” he adds.
Claudia Glover is a staff reporter on Tech Monitor.