Vice Society is a little-known double extortion group that joined the cybercrime ecosystem a year ago. Since then, it showed a steady activity, encrypting and exfiltrating its victim’s data and threatening their victims to leak their information to pressure them into paying a ransom. Unlike other RaaS (Ransomware-as-a-Service) double extortion groups, Vice Society focuses on getting into the victim system to deploy ransomware binaries sold on Dark web forums. This is likely a way for this group to save resources in developing its own ransomware.
SEKOIA.IO investigations show they are currently leveraging the Zeppelin ransomware targeting Windows systems, while HelloKitty samples were retrieved from their campaigns targeting Linux systems at the end of 2021. We also believe the group representatives are English native speakers.
Related Resource: FLINT 2022-035 - Vice Society: a discreet but steady double extortion ransomware group