New #PolyVice #ViceSociety branded #Ransomware sample uploaded on VT
Ext: .v1cesO0ciety
Ransom Note: AllYFilesAE!
Mails:
876505846904@onionmail[.]org
316186524106@onionmail[.]org
v-society.official@onionmail[.]org
Tor:
#polyvice #vicesociety #ransomware
🛡️ Microsoft receives a $64 million data privacy fine, Vice Society has moved to a new custom-branded #ransomware that researchers have named #PolyVice, and #LastPass users are alerted about data theft. https://bit.ly/3hSs3na #news
#ransomware #polyvice #lastpass #news
Excited to share my latest research about the #ViceSociety #Ransomware group and the growing #threat of custom-branded ransomware! 🔥
A thread 🧵
The #PolyVice ransomware variant used by the Vice Society group has a robust encryption scheme using #NTRUEncrypt and ChaCha20-Poly1305 algorithms.
We examine the connections between the Vice Society payload and other ransomware strains and variants.
Our analysis reveals that the codebase for the PolyVice variant has been used to build custom-branded payloads for other threat groups as well.
This is significant because it suggests that the Vice Society group is not developing their own ransomware payloads, but rather outsourcing its development.
One of the most rewarding parts was diving into the reversing process and trying to understand the logic of the PolyVice variant's code.
It's an interesting locker implementation.
More juicy details here 👇
#vicesociety #ransomware #threat #polyvice #ntruencrypt