SentinelOne Vs. Vice Society Ransomware – Prevention and Detection

See how SentinelOne prevents and detects Vice Society Ransomware. Vice Society is a multi-pronged extortion/ransomware group that emerged in early to mid-2021. From the outset, the threat actor has shown an affinity for medium-sized targets, with a certain focus on educational entities (for example, school districts).

The group leverages both Windows and Linux variants of ransomware; the latter is frequently observed in campaigns targeting ESXi or heavily virtualized environments. Initial access is often achieved through a third-party framework (for example, Cobalt Strike). Once in the target environment, the group makes heavy use of commercial off-the-shelf (COTS) utilities and living-off-the-land binaries (LOLBins) to move as stealthily as possible.

In recently analyzed Windows samples, persistence is achieved via the Registry (Run key). In addition, an embedded .BAT file is dropped and executed by the ransomware to inhibit system recovery (removal of VSS and boot recovery options).
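
The behaviour chain described above (a process that writes a Run key and whose child script then removes shadow copies and boot recovery options) can be hunted for in registry and process telemetry. The following is an added example, not SentinelOne's detection logic or code from the original page; the event schema, the sample events and the command patterns are assumptions constructed for illustration.

```python
import re

# Assumed command patterns for "inhibit system recovery": the page names the
# behaviour (VSS removal, boot recovery options) but not the exact commands.
RECOVERY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no", re.I),
    re.compile(r"bcdedit(\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures", re.I),
]
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed sample telemetry (hypothetical schema, not from a real incident).
EVENTS = [
    {"type": "reg_set", "pid": 4100, "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"type": "proc", "pid": 4200, "ppid": 4100, "cmd": r"cmd.exe /c C:\Users\Public\a.bat"},
    {"type": "proc", "pid": 4300, "ppid": 4200, "cmd": "vssadmin.exe delete shadows /all /quiet"},
    {"type": "proc", "pid": 4301, "ppid": 4200, "cmd": "bcdedit /set {default} recoveryenabled No"},
    # Benign noise: an installer adding a Run entry, an admin listing shadow copies.
    {"type": "reg_set", "pid": 5000, "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"type": "proc", "pid": 6100, "ppid": 6000, "cmd": "vssadmin.exe list shadows"},
]

def find_chains(events):
    """Return {pid: [commands]} for processes that set a Run key AND have a
    descendant process that ran a recovery-inhibiting command."""
    parent = {e["pid"]: e["ppid"] for e in events if e["type"] == "proc"}
    persisters = {e["pid"] for e in events
                  if e["type"] == "reg_set" and RUN_KEY.search(e["target"])}
    hits = {}
    for e in events:
        if e["type"] != "proc" or not any(p.search(e["cmd"]) for p in RECOVERY_PATTERNS):
            continue
        # Walk up the process tree looking for an ancestor that wrote a Run key.
        pid, seen = e["ppid"], set()
        while pid is not None and pid not in seen:
            seen.add(pid)
            if pid in persisters:
                hits.setdefault(pid, []).append(e["cmd"])
                break
            pid = parent.get(pid)
    return hits

if __name__ == "__main__":
    for pid, cmds in find_chains(EVENTS).items():
        print(f"ALERT pid={pid}: Run-key persistence followed by {cmds}")
```

Requiring both behaviours in one process tree keeps the benign Run-key write and the read-only `vssadmin list shadows` query from alerting on their own; in real telemetry, key the tree on a unique process identifier rather than the raw PID, since PIDs are reused.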
