
Vice Society Ransomware

By Detecteam, 2023-08-24

TLP

TLP CLEAR

Author

Jordi M. Lobo

Summary

The Vice Society ransomware group gained notoriety in late 2022 and early 2023 for launching attacks across various sectors, including San Francisco’s transit system. While education and healthcare were their primary targets, Trend Micro’s data shows that the group also infiltrated manufacturing companies in Brazil, Argentina, Switzerland, and Israel. Vice Society initially exploited the PrintNightmare flaw and then progressed to self-made ransomware and potent encryption, possibly signaling a move towards a ransomware-as-a-service venture. Together with their earlier ransomware, such as Hello Kitty/Five Hands and Zeppelin, these evolving tactics show a versatile threat actor that aims to breach diverse industries using compromised credentials from underground sources.

DATA

windows_sysmon.xml_-1

CATEGORY

Ransomware

REFERENCES

  • https://www.trendmicro.com/en_us/research/23/a/vice-society-ransomware-group-targets-manufacturing-companies.html

MITRE ATT&CK

Post Tags:

  • T1036 - Masquerading
  • T1047 - Windows Management Instrumentation
  • T1053.005 - Scheduled Task/Job: Scheduled Task
  • T1055 - Process Injection
  • T1078.003 - Valid Accounts
  • T1080 - Taint Shared Content
  • T1190 - Exploit Public-Facing Application
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1574.002 - DLL Side-Loading