Vice Society Ransomware Group Behind Vesuvius Cyber Attack


The Vice Society ransomware group has claimed responsibility for the cyber attack on the global molten metal engineering company Vesuvius. The London Stock Exchange-listed company disclosed the cybersecurity incident on February 6.

Posting a screenshot of the notice published by the London-based company, the Vice Society ransomware group claimed to have confidential files that may be privileged or protected.

The group’s post further warned readers against unauthorized review, disclosure, copying, etc., of the stolen data.

Screenshot of Vice Society leak site post, via FalconFeedsio

Vesuvius data breach

Henry Knowles, Vesuvius General Counsel and Company Secretary, announced the Vesuvius data breach, which involved unauthorized access to the company's systems, in a London Stock Exchange disclosure on February 6.

“Immediately upon becoming aware of unauthorized activity on our networks, we have taken the necessary steps to investigate and respond to the incident, including shutting down affected systems,” the disclosure said.

“We are working with leading cyber security experts to support our investigations and identify the extent of the issue, including the impact on production and contract fulfilment.”

Vesuvius employs more than 10,000 individuals. The company's shares fell 3.8% in early trading on February 6.

The company disclosure did not mention any ransom demand at that time.

A preliminary analysis by Unguard showed the following flaws: HTTP Strict Transport Security (HSTS) was not enforced; no valid Content Security Policy (CSP) was implemented; X-Content-Type-Options was provisional; and the domain did not contain a valid Certification Authority Authorization (CAA) record.

Cyber attacks on companies in the United Kingdom

The Royal Mail Group suffered a cyber attack in January that led to a halt in the dispatch of items to overseas clients. Ion Cleared Derivatives announced a cybersecurity incident in February that disrupted services in the derivatives market.

The cyber attack at ION trading forced traders and brokers to use spreadsheets to go through deals, input trade data on the website individually, and work through nights.

A report by Tech Monitor highlighted that the United Kingdom suffers the most cyber attacks of all European countries.

The survey of cyber attacks launched in 2022 concluded that underinvestment could be one reason for the increased threats.

Most of the security incidents were reported by the energy and finance sectors, amounting to 16% of cyber attacks in each sector.

The most common method of targeting systems was found to be exploiting vulnerabilities to gain access. About 50% of the cyber attacks on UK-based companies were caused by exploiting IT vulnerabilities.

After access was gained, deployment of remote access tools was observed in 14% of cyber attacks. This adds impetus to updating software regularly, as soon as an upgrade is available.

Vice Society Ransomware and attack patterns

The ransomware group gained notoriety during late 2022 and early 2023 due to a series of attacks targeting various entities, including the San Francisco rapid transit system, according to a Trend Micro threat analysis report.

Even though the group primarily targets the healthcare and education sectors, Trend Micro points out that they are also focusing on the manufacturing industry. Vice Society targets were spotted in Brazil, Argentina, Switzerland, and Israel, with their primary impact being on the manufacturing industry in Brazil.

The group’s email has been present in their ransom notes. More recently, they have developed a custom ransomware builder and adopted more robust encryption methods, potentially indicating preparation for their own ransomware-as-a-service (RaaS) operation, noted the Trend Micro report.

“Like many other ransomware gangs, Vice Society is known to steal information from victims’ networks before encryption for the purposes of double extortion—threatening to publish the data on the dark web unless you pay up the ransom they demand,” noted Malwarebytes Labs.

“A few of the institutions published on their leak site last year include De Montfort School, Cincinnati State, and one that made national headlines in September 2022: Los Angeles Unified, the second largest school district in the US.”




