US agencies such as the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) have released a joint Cybersecurity Advisory (CSA) after observing Vice Society threat actors targeting the education sector with ransomware attacks.

The education system, especially K-12 schools, is no stranger to cyber-attacks. These institutions are unfortunately a frequent target of ransomware attacks and phishing threats. School districts with limited cybersecurity capabilities and constrained resources are often the most susceptible to sophisticated attacks like these.

This CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. It is the third CSA of 2022 aimed at providing technical information on ransomware variants and the threat actors behind them.

Vice Society is believed to be a Russia-based cybercriminal organization specializing in intrusion, data exfiltration, and extortion. Malwarebytes has been tracking the group since December 2020. The group is also believed to have some affiliation with the HelloKitty ransomware group: both encrypt data using the .kitty or .crypted file extension, which helps link the two together. Vice Society also runs a hub for releasing stolen information, commonly known as a "leak site".

Recommended Methods for Mitigation

Because school districts and institutions are so often targeted by ransomware, the risk extends to businesses that work in conjunction with the education system, and further to the small and medium-sized business sector as well. Small and medium-sized businesses are often the very next target once cyber-criminal syndicates have tried out their tools on larger targets such as school systems.

The CSA mentioned earlier provides a good deal of mitigation advice. The techniques used by the Vice Society group are not very different from those of other ransomware operations, so these mitigation methods apply to many kinds of ransomware and can also prove useful in other situations, such as disaster recovery.

Backups are a core part of your recovery methods. Implementing a recovery plan that maintains and retains multiple copies of your data, in segmented layers across multiple locations, is one of the best ways to ensure that if you ever face a ransomware or disaster event, you can still restore your data. Maintain offline backups of data, and regularly maintain backup and restoration points. Ensure all backup data is encrypted, immutable, and covers the entire organization's data infrastructure.
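The backup requirements above (multiple copies, multiple locations, at least one offline and one immutable copy, everything encrypted, and copies that actually restore intact) can be turned into an automated policy check. The following is an added example written for this post, not code from the CSA or from Natural Networks; the backup copies, their attributes and the file contents are constructed inline, and the `BackupCopy` fields and `evaluate_backup_set` thresholds are assumptions standing in for whatever your backup tooling reports.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample data standing in for one backup image; a real run would
# hash the actual backup files and compare against the manifest written at
# backup time.
SAMPLE_DATA = b"district-sis-export-2022-09\n" * 64
EXPECTED_SHA256 = hashlib.sha256(SAMPLE_DATA).hexdigest()


@dataclass
class BackupCopy:
    location: str    # assumed label, e.g. "onsite-nas", "cloud-bucket", "offline-tape"
    offline: bool    # disconnected from the network when not in use
    immutable: bool  # write-once / object-lock style retention
    encrypted: bool  # encrypted at rest
    data: bytes      # the copy's contents (constructed here)


def check_copy_integrity(copy: BackupCopy, expected_sha256: str) -> bool:
    """A copy is usable only if its checksum matches the manifest value."""
    return hashlib.sha256(copy.data).hexdigest() == expected_sha256


def evaluate_backup_set(copies, expected_sha256, min_copies=3, min_locations=2):
    """Return policy findings for a backup set; an empty list means compliant."""
    findings = []
    if len(copies) < min_copies:
        findings.append(f"only {len(copies)} copies kept, policy requires {min_copies}")
    locations = {c.location for c in copies}
    if len(locations) < min_locations:
        findings.append(f"copies span {len(locations)} location(s), policy requires {min_locations}")
    if not any(c.offline for c in copies):
        findings.append("no offline copy: ransomware on the network can reach every copy")
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy: an attacker with credentials could delete or encrypt all copies")
    for c in copies:
        if not c.encrypted:
            findings.append(f"{c.location}: copy is not encrypted")
        if not check_copy_integrity(c, expected_sha256):
            findings.append(f"{c.location}: checksum mismatch (corrupt or tampered copy)")
    return findings


# Constructed set that follows the guidance: three copies, three locations,
# one offline tape and one immutable cloud copy, all encrypted and intact.
GOOD_SET = [
    BackupCopy("onsite-nas", offline=False, immutable=False, encrypted=True, data=SAMPLE_DATA),
    BackupCopy("cloud-bucket", offline=False, immutable=True, encrypted=True, data=SAMPLE_DATA),
    BackupCopy("offline-tape", offline=True, immutable=True, encrypted=True, data=SAMPLE_DATA),
]

# Constructed set that does not: two copies on the same NAS, nothing offline or
# immutable, one copy unencrypted and silently corrupted (last byte changed).
BAD_SET = [
    BackupCopy("onsite-nas", offline=False, immutable=False, encrypted=True, data=SAMPLE_DATA),
    BackupCopy("onsite-nas", offline=False, immutable=False, encrypted=False,
               data=SAMPLE_DATA[:-1] + b"\x00"),
]

if __name__ == "__main__":
    for label, backup_set in (("good", GOOD_SET), ("bad", BAD_SET)):
        print(label, evaluate_backup_set(backup_set, EXPECTED_SHA256) or ["compliant"])
```

The integrity check matters as much as the policy checks: a backup that was encrypted by the ransomware, or that quietly rotted on disk, passes every count-and-location rule and still fails you on restore day, so the hash comparison should run on a schedule rather than only after an incident.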

Authentication requirements should be enforced across all accounts so that users must meet particular criteria. Require multi-factor authentication (MFA) wherever possible, particularly for VPN and other critical logins. Audit user accounts with administrative privileges to ensure that there are no unknown accounts that could be compromised and lead to privilege escalation by rogue users. Use long, complex passwords, and use password managers to make remembering passwords easier and safer at the same time. Avoid reusing passwords (no two passwords should be the same), and disable password "hints". It is also a good idea to require administrative credentials in order to install software.
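The account audit described above (unknown administrative accounts, MFA missing on VPN and privileged logins, password hints left enabled, and passwords shared between accounts) is straightforward to script once you have an export of your directory. This is an added example written for this post, not code from the CSA or from Natural Networks; the `Account` records, the `APPROVED_ADMINS` list and the `credential_id` field (a stand-in for a stored credential hash, where two equal values mean the same password) are all constructed for illustration.

```python
from dataclasses import dataclass


@dataclass
class Account:
    name: str
    is_admin: bool          # member of an administrative group
    mfa_enabled: bool       # second factor enrolled and enforced
    vpn_access: bool        # allowed to authenticate to the VPN
    password_hint_set: bool  # a password "hint" is stored for the account
    credential_id: str      # constructed stand-in for a stored credential hash


# Assumed allowlist: the administrative accounts the IT team actually created.
APPROVED_ADMINS = {"it-admin", "backup-svc"}


def audit_accounts(accounts, approved_admins=APPROVED_ADMINS):
    """Return findings for accounts that violate the authentication guidance."""
    findings = []
    by_credential = {}  # credential_id -> account names, to spot password reuse
    for a in accounts:
        if a.is_admin and a.name not in approved_admins:
            findings.append(f"{a.name}: unapproved administrative account")
        if (a.is_admin or a.vpn_access) and not a.mfa_enabled:
            findings.append(f"{a.name}: MFA not enabled on a privileged or VPN account")
        if a.password_hint_set:
            findings.append(f"{a.name}: password hint is enabled")
        by_credential.setdefault(a.credential_id, []).append(a.name)
    for names in by_credential.values():
        if len(names) > 1:
            findings.append("password reuse across accounts: " + ", ".join(sorted(names)))
    return findings


# Constructed directory export: one clean admin, two staff accounts sharing a
# password, and a forgotten contractor account that still holds admin rights.
SAMPLE_ACCOUNTS = [
    Account("it-admin", is_admin=True, mfa_enabled=True, vpn_access=False,
            password_hint_set=False, credential_id="cred-a1"),
    Account("teacher1", is_admin=False, mfa_enabled=False, vpn_access=False,
            password_hint_set=False, credential_id="cred-b2"),
    Account("old-contractor", is_admin=True, mfa_enabled=False, vpn_access=True,
            password_hint_set=True, credential_id="cred-c3"),
    Account("teacher2", is_admin=False, mfa_enabled=False, vpn_access=True,
            password_hint_set=False, credential_id="cred-b2"),
]

if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(finding)
```

Run against a real export, the unapproved-admin check is the one to act on first: an administrative account nobody recognizes is exactly the foothold that lets a ransomware operator move from one compromised workstation to the whole district.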

Use anti-malware software to help keep your workstations' operating systems secure from potential threats. Anti-malware software such as SentinelOne can help secure your workstations with AI-driven malware protection. It is also important to update your software, operating systems, and firmware to the latest stable patches available.

By following these methods, you can help keep your systems secure from online threats disseminated by groups like Vice Society. You can also partner with a Managed Services Provider who understands threats like those posed by these groups. By having a technology partner like Natural Networks, you can ensure that mitigation efforts are in place and prevention methods are followed to help protect your data and staff. If you want to learn more about how Natural Networks can help protect your most valuable data and technology, give us a call today!