Brazil’s manufacturing industry under attack by Vice Society ransomware group

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

The Vice Society ransomware group is a cyber threat group that made headlines in late 2022 and early 2023 for a series of attacks against various targets, including the rapid transit system in San Francisco. They are known to focus on the education and healthcare sectors but have now been targeting the manufacturing sector as well. The group has been using various tools and techniques to carry out their attacks, such as exploiting the PrintNightmare vulnerability, deploying ransomware variants such as Hello Kitty/Five Hands and Zeppelin, and developing their own custom ransomware builder with more robust encryption methods. They are also suspected of preparing for a ransomware-as-a-service operation.