The Vice Society ransomware actors have switched to yet another custom ransomware payload in their recent attacks aimed at a variety of sectors.
“This ransomware variant, dubbed ‘PolyVice,’ implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms,” SentinelOne researcher Antonio Cocomazzi said in an analysis.
Vice Society, which is tracked by Microsoft under the moniker DEV-0832, is an intrusion, exfiltration, and extortion hacking group that first appeared on the threat landscape in May 2021.
Unlike other ransomware gangs, the cybercrime actor does not use file-encrypting malware developed in-house. Instead, it’s known to deploy third-party lockers such as Hello Kitty, Zeppelin, and RedAlert ransomware in their attacks.
Per SentinelOne, indications are that the threat actor behind the custom-branded ransomware is also selling similar payloads to other hacking crews based on PolyVice’s extensive similarities to ransomware strains Chily and SunnyDay.
images from Hacker News