Ransomware gang Vice Society has claimed responsibility for an attack that shut down card payment machines in 600 UK branches of the Dutch supermarket chain Spar. It is the latest in a string of hacks claimed by the gang, which has been noted for its willingness to target critical public infrastructure such as schools and hospitals.
Vice Society and the Spar hack
Last month, a ransomware attack on James Hall and Company, which provides wholesale and IT services to Spar in the UK, took down card machines in 600 shops and forced some to close their doors.
At the end of December, Vice Society claimed responsibility for the attack on its homepage on the dark web. The group listed its “partners” as “Spar, James Hall and Company and Heron and Brearly,” the latter being Spar’s other wholesale supplier in the UK and Isle of Man.
While there is little detail of the hack itself, the fact that stolen data has reportedly appeared on the dark web suggests that no ransom was paid, says Steve Forbes, head of cyber product at Nominet. “Spar clearly had good continuity plans in place that enabled it to keep the rest of the business running,” adds Forbes, noting that only a handful of branches had to close.
What is Vice Society?
Vice Society was first spotted carrying out attacks in mid-2021, and the gang has been noted for its ruthless behaviour. “They don’t seem to have any ethics or morals in terms of who they’re targeting,” says Forbes. The group has claimed responsibility for attacks on several school districts, including the Manhasset Union Free School District in Long Island, and healthcare providers such as the United Health Centers of San Joaquin Valley, California.
Vice Society appears to have a high level of technical skill, with its malware being able to stay in systems undetected. “We have observed them being careful to disable and wipe system logs to help hide their traces during their attacks,” explains Martin Lee, technical lead of security research at security company Cisco Talos.
The group’s previous attacks may shed some light on how the Spar hack was carried out, says Forbes. “There’s definitely the indication that they’ve used the PrintNightmare vulnerability, that seems to be their default method of entry,” he says.
The PrintNightmare vulnerability is a Windows print spooler remote code execution vulnerability that emerged in the second half of 2021. “Vice Society is one of a small number of ransomware groups who have been observed using the PrintNightmare vulnerability from early August 2021,” says Chris Morgan, senior cyber threat intelligence analyst at security company Digital Shadows. “The group uses the exploit to gain further privileges once they have compromised a target’s network. We can only assume that is what has happened in (the case of Spar) as well.”
While Vice Society was first spotted by researchers last year, it is thought to be closely related to an established ransomware group called HelloKitty, and could even be a reincarnation of the group. HelloKitty has been active as recently as December, and the FBI believes the gang is based in Ukraine.
“They [Vice Society] are allegedly linked to the HelloKitty ransomware group, based on similarities with some of their encryption modules,” Digital Shadows’ Morgan says. Forbes agrees: “I know they’ve been linked to HelloKitty because they have very similar tools and processes that they use to infiltrate networks and to spread laterally,” he adds.
Reporter
Claudia Glover is a staff reporter on Tech Monitor.