Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Vice Society ransomware gang claims responsibility for Fire Rescue Victoria hack

Vice Society, a ransomware group operating since at least mid-2021, has claimed responsibility for disrupting the communications infrastructure of Fire Rescue Victoria and breaching employee data.

user icon David Hollingworth
Thu, 12 Jan 2023
Vice Society ransomware gang claims responsibility for Fire Rescue Victoria hack
expand image

The group announced it was responsible today (12 January), alongside releasing a data set to prove the claim. The data includes job applications and budget reports and has been verified.

FRV reported late last week that employee data such as names and addresses, email and phone details, health information, tax file numbers, and superannuation details could be a part of the breach.

At the same time, FRV also formally advised the Office of the Australian Information Commissioner of breach. Law enforcement and outside security specialists have also been employed by FRV.

“FRV has today had confirmation that the criminals who attacked our IT systems on 15 December 2022 have shared FRV information on the ‘dark web’,” the fire service said in an update posted on Wednesday afternoon.

“Since this is an ongoing investigation, we will refrain from making any further comment on the nature of the attack or the criminals.”

FRV now believes that the “personal information of current and former employees, individual contractors and secondees of FRV and the former Metropolitan Fire and Emergency Services Board (as well as job applicants and other individuals)” may all have been affected.

Who is Vice Society?

Vice Society first came to security researchers’ attention in June 2021, when ransomware payloads with the .v-society extension were first detected in encrypted files. The group first operated with the HelloKItty ransomware but then progressed to using Zeppelin on Windows hosts, particularly using the CVE-2021-34527 vulnerability.

This year the group has been largely focused on targets in the education sector around the world and other targets of opportunity with poorly stretched security resources and non-IT-savvy employees.

Organisations in the United States are the group’s most popular targets, followed by the UK, Spain, and France — though they have been known to operate in Australia before now, too.

According to Palo Alto Networks’ Unit 42, Vice Society is in the top 10 most-effective ransomware groups, having affected over 100 organisations, with 90 of those taking place in 2022.

Initial ransom demands can exceed US$1 million but typically drop down below half that figure.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.