Vice Society ransomware gang claims responsibility for Fire Rescue Victoria hack
Vice Society, a ransomware group operating since at least mid-2021, has claimed responsibility for disrupting the communications infrastructure of Fire Rescue Victoria, and breaching employee data.
The group announced it was responsible today, alongside releasing a data set to prove the claim. The data includes job applications and budget reports, and has been verified.
FRV reported late last week that employee data such as names and addresses, email and phone details, health information, tax file numbers, and superannuation details could be a part of the breach.
At the same time, FRV also formally advised the Office of the Australian Information Commissioner of breach. Law enforcement and outside security specialists have also been employed by FRV.
“FRV has today had confirmation that the criminals who attacked our IT systems on 15 December 2022 have shared FRV information on the ‘dark web’,” the fire service said in an update posted on Wednesday afternoon.
“Since this is an ongoing investigation, we will refrain from making any further comment on the nature of the attack or the criminals.”
FRV now believes that “personal information of current and former employees, individual contractors and secondees of FRV and the former Metropolitan Fire and Emergency Services Board (as well as job applicants and other individuals)” may all have been affected.
Who is Vice Society?
Vice Society first came to security researchers’ attention in June 2021, when ransomware payloads with the .v-society extension were first detected in encrypted files. The group first operated with the HelloKItty ransomware, but then progressed to using Zeppelin on Windows hosts, particularly using the CVE-2021-34527 vulnerability.
This year the group has been largely focused on targets in the education sector around the world, and other targets of opportunity with poorly stretched security resources and non-IT savvy employees.
Organisations in the United States are the group’s most popular targets, followed by the UK, Spain, and France – though they have been known to operate in Australia before now, too.
According to Palo Alto Networks’ Unit 42, Vice Society is in the top ten most effective ransomware groups, having affected over 100 organisations, with 90 of those taking place in 2022.
Initial ransom demands can exceed US$1-million, but typically drop down below half that figure.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.