Cisco: PrintNightmare is being exploited by "Vice Society" to inject ransomware


Microsoft's PrintNightmare security vulnerability is now being exploited by a ransomware group called Vice Society, according to a report by Cisco's Talos threat intelligence research team. Talos has been observing how Vice Society exploits the Print Spooler service security issue, which Microsoft has been trying to patch for several months with somewhat limited success.

According to Talos' findings, Vice Society, which has previously been linked to the HelloKitty ransomware group, uses a dynamic link library (DLL) file associated with the ongoing PrintNightmare Print Spooler bug to infect vulnerable systems with ransomware. The name of this DLL is 6f191f598589b7708b1890d56b374b45c6eb41610d34f976f0b4cfde8d5731af, which is quite a mouthful.

Vice Society demands a ransom from its victims and threatens to leak the stolen data via a website it operates if the ransom is not paid. Below is a screenshot of what the data leak site looks like:

Vice Society website that it leaks data through

Talos also observed some of the tactics, techniques, and procedures (TTPs) that the threat actors from Vice Society utilize to carry out the exploits.

These include the use of ProxyChains to divert network traffic elsewhere during the intrusion, and attacks on ESXi virtual servers and data backups, which make the entire system vulnerable to the ransomware infection and prevent recovery. To avoid detection by endpoint security solutions, the threat actors perform an Antimalware Scan Interface (AMSI) bypass. More technical details are available in the official blog post.
