The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian newspaper this week.
The first attack targeted Spar wholesaler James Hall & Co. on Dec. 6, leaving some 600 Spar stores across the north of England unable to take card payments. Some Spar stores were forced to close because of the ransomware attack, while others remained open but accepted only cash payments.
The form of ransomware used and the ransom demanded were not revealed by the company at the time. Now Vice Society has taken credit for the attack.
The group said on its dark web page that it had infected James Hall & Co. along with Heron and Brearley, owner of Mannin Retail, which owns 19 Spar stores on the Isle of Man. In addition to taking credit for the attack, Vice Society dumped stolen files. Bank Info Security reported today that more than 93,000 stolen files were published by the gang, suggesting that neither company paid the ransom demanded in the attack.
Vice Society is also being linked to a new ransomware attack that targeted Norway-based media company Amedia AS, which publishes more than 70 newspapers. The attackers struck on Tuesday and forced the company to shut off its presses. The company said that it would “take time before the situation is normal.”
Amedia’s latest update confirms that its central information systems, targeted by the attack, contain personal data. Subscriber data includes name, address, cell phone number, email address, and subscription history, while employee data includes employment terms / agreements, social security numbers and wages.
We don’t yet know whether this information has actually been misused or not and we are now working to map these issues in more detail. It seems obvious that such data has been uploaded and we will notify the Norwegian Data Protection Authority.
The attack on Amedia is believed to have involved the exploitation of the PrintNightmare vulnerability, a Windows security flaw revealed in July. Vice Society, believed to be a spinoff of the HelloKitty ransomware gang, emerged earlier this year. It uses various methods to gain access to victims’ networks, including exploiting PrintNightmare.
The gang is known for exfiltrating data from victims’ systems before using ransomware to encrypt files, a so-called double-tap ransomware attack. The data is then published on its data leak site to pressure victims into paying a ransom.