Ransomware operators constantly seek lucrative and feasible extortion opportunities, affecting a wide array of organizations across industries. One of the latest examples of successful breaches is the Vice Society gang’s attack against the Los Angeles Unified School District that happened over the Labor Day weekend.
The attack caused widespread disruption, affecting several information management systems. Vice Society hackers also declared that they had exfiltrated 500 GB of data; however, this claim has not yet been confirmed or refuted.
Identify possible Vice Society-related security incidents or threats that have slipped through your automated detection methods with a Sigma-based rule developed by seasoned Threat Bounty Program detection engineer Nattatorn Chuensangarun:
The detection is available for 26 SIEM, EDR and XDR platforms and is aligned with the MITRE ATT&CK® framework v.10, addressing the Persistence tactic with Boot or Logon Autostart Execution (T1547) as the main technique.
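To show what a Sigma rule for T1547 persistence actually evaluates, here is an added, constructed example (not the Threat Bounty rule above or any SOC Prime content): a minimal Sigma-style rule for registry Run-key autostart writes (T1547.001) plus a small matcher run over constructed Sysmon Event ID 13 records; the field names Image and TargetObject are assumed from Sysmon's registry events.

```python
# Constructed example: Sigma-style rule + matcher for T1547.001 Run-key persistence.

RULE = {  # hypothetical rule in Sigma's selection / filter / condition layout
    "title": "Run key autostart written by an unexpected process (constructed)",
    "logsource": {"product": "windows", "category": "registry_set"},
    "detection": {
        "selection": {"TargetObject|contains": ["\\CurrentVersion\\Run\\",
                                                "\\CurrentVersion\\RunOnce\\"]},
        "filter": {"Image|endswith": ["\\msiexec.exe", "\\explorer.exe"]},
        "condition": "selection and not filter",
    },
    "tags": ["attack.persistence", "attack.t1547.001"],
}

def _field_matches(record, key, expected):
    """Evaluate one Sigma field with its modifier (contains / endswith / none)."""
    field, _, modifier = key.partition("|")
    value = str(record.get(field, "")).lower()
    for exp in (expected if isinstance(expected, list) else [expected]):
        exp = str(exp).lower()
        if (modifier == "contains" and exp in value) or \
           (modifier == "endswith" and value.endswith(exp)) or \
           (modifier == "" and value == exp):
            return True
    return False

def _block_matches(record, block):
    """Every field in a Sigma map must match (implicit AND)."""
    return all(_field_matches(record, k, v) for k, v in block.items())

def evaluate(rule, record):
    """Apply the fixed condition 'selection and not filter' to one record."""
    det = rule["detection"]
    return _block_matches(record, det["selection"]) and \
        not _block_matches(record, det["filter"])

# Constructed Sysmon Event ID 13 records: suspicious write, installer write, unrelated key.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": "C:\\Users\\Public\\update.exe",
     "TargetObject": "HKU\\S-1-5-21-1\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc"},
    {"EventID": 13, "Image": "C:\\Windows\\System32\\msiexec.exe",
     "TargetObject": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Setup"},
    {"EventID": 13, "Image": "C:\\Windows\\explorer.exe",
     "TargetObject": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"},
]

def flagged_images(rule=RULE, events=SAMPLE_EVENTS):
    """Return the Image of every record the rule flags."""
    return [e["Image"] for e in events if evaluate(rule, e)]
```

Only the Run-key write from the user-writable folder is flagged; the installer write is suppressed by the filter and the unrelated key never matches the selection.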
SOC Prime designed the industry-first search engine for threat detection engineers, built to help SOC professionals obtain comprehensive cyber threat information, including relevant Sigma rules instantly convertible to 26 SIEM, EDR, and XDR solutions. The tool includes MITRE ATT&CK mapping so that threat context and detection content are easier to reference and apply. Click on the Explore Detections button to learn more.
Multiple national cybersecurity authorities issued a joint CSA over ransomware attacks targeting the education sector as Vice Society compromised the largest US school district (by enrollment). Vice Society is a relative newcomer to the ransomware space, known to primarily target small and midsize educational institutions. The threat actor has employed various strains in its attacks since 2021, including HelloKitty and Zeppelin ransomware.
Among the documented victims of the Vice Society ransomware group are other school districts across the US, such as the San Luis Coastal Unified School District and the Moon Area School District, as well as universities, including Grand Valley State University and even the Medical University of Innsbruck in Austria.
As the only provider of Detection-as-Code solutions built on zero-trust security model principles, SOC Prime offers a thorough yet flexible approach to threat detection. This approach enables InfoSec teams to respond to threats faster and detect them earlier in the attack lifecycle. Curb the trend of growing cyber risks and protect your company's cyberspace by ensuring SOC Prime's robust security solutions are up and running.