Excited to share my latest research about the #ViceSociety #Ransomware group and the growing #threat of custom-branded ransomware! 🔥
A thread 🧵
The #PolyVice ransomware variant used by the Vice Society group has a robust encryption scheme using #NTRUEncrypt and ChaCha20-Poly1305 algorithms.
We examine the connections between the Vice Society payload and other ransomware strains and variants.
Our analysis reveals that the codebase for the PolyVice variant has been used to build custom-branded payloads for other threat groups as well.
This is significant because it suggests that the Vice Society group is not developing its own ransomware payloads, but rather outsourcing their development.
One of the most rewarding parts was diving into the reversing process and trying to understand the logic of the PolyVice variant's code.
It's an interesting locker implementation.
More juicy details here
#vicesociety #ransomware #threat #polyvice #ntruencrypt