Ransomware Spotlight: Vice Society’s Dark Web Footprint


Searchlight Cyber analysts have identified a pattern of activity that they assess to be a precursor to Vice Society ransomware attacks.

Download Ransomware Spotlight: a threat intelligence bulletin derived from our visibility into the dark web.

Searchlight Cyber researchers undertook historical dark web traffic analysis on infrastructure related to known Vice Society victims to determine whether indicators of attack could be identified in connections to the dark web.

The report relates to victims that were listed on Vice Society’s leak site and whose attacks have already been reported in the public domain: Grand Valley State University, Pilton Community College, and Los Angeles Unified School District.

Examining dark web network traffic across these three victims demonstrates a consistent pattern of activity for Vice Society attacks: a spike in dark web network traffic one to three weeks prior to the victim being listed on the Vice Society leak site. Searchlight analysts also observed that traffic is directed to victims’ public-facing websites or portals, consistent with Vice Society’s use of website CVEs to gain initial access.

Download the report to find out how further analysis of the dark web traffic data of Vice Society victims could help inform:

  • Incident response efforts – by establishing a clear timeline of initial access and reconnaissance.
  • Threat intelligence – by contributing supporting data on the group’s Tactics, Techniques and Procedures (TTPs), such as the use of CVEs and targeting of public websites.
  • Detection – with continuous analysis of dark web networks providing early warning of Vice Society’s initial access and reconnaissance.