The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian newspaper this week.
The first attack targeted Spar wholesaler James Hall & Co on Dec. 6, resulting in Spar stores being unable to take card payments at some 600 stores across the north of England. Some Spar stores were forced to close due to the ransomware attack, while others remained open but only accepted cash payments.
The form of ransomware used and the ransom demanded was not revealed by the company at the time. Forward to the end of the month and Vice Society has taken credit for the attack.
The group said on its dark web page that it had infected James Hall and & Co along with Heron and Brearley, owner of Mannin Retail which owns 19 Spar stores on the Isle of Man. In addition to taking credit for the attack, Vice Society also dumped stolen files. Bank Info Security reports that over 93,000 stolen files were published by the gang, suggesting that neither company paid the ransom demanded in the attack.
Vice Society is also being linked to a new ransomware attack that targeted Norway-based media company Amedia AS, which publishes more than 70 newspapers. The attack struck on Tuesday and forced the company to shut off its presses. As of Wednesday, the company said that it would “take time before the situation is normal.”
The attack on Amedia is believed to have involved the exploitation of the PrintNightmare vulnerability, a Windows security flaw revealed in July.
Vice Society, believed to be a spin-off of the HelloKitty ransomware gang, first emerged earlier this year and uses various methods to gain access to victims’ networks, including exploiting PrintNightmare.
According to HIPAA Journal, the gang is known for exfiltrating data from victims’ systems before using ransomware to encrypt files – a double-tap ransomware attack. The data is then published on its data leak site to pressure victims into paying a ransom.
The gang was also behind an attack on United Health Centers, a medical services provider in California in August that resulted in the disruption of services and patient data theft. Vice Society subsequently took credit for the attack in September.