The Vice Society.
You might have heard of them. This ransomware actor has been hiding under the radar for some time. They’ve not hit the most visible targets that make the news. They have not found new exploits to worry security analysts.
This Vice Society has been following the slow and steady path of using what’s already been out there. Their targets? The less ambitious. They’ve gained ground attacking the Los Angeles Unified School system back in September. They’ve targeted a few hospitals here and there. They see their money makers as organizations that haven’t invested in the enterprise-grade solutions. They are looking for easy low-hanging fruit that doesn’t require masterminds to forge new paths of attack.
The Vice Society is the type of organization your clients should be thinking about right now.
This Russian-speaking group might be considered by experts a second or third-tier group. They don’t invent attacks. They steal toolkits and techniques from others. Some have labeled this group as unremarkable. They simply execute pre-packaged ransomware attack.
The concern your clients should have? They’ve been pretty successful.
Think about this for a minute. They aren’t the ones exploiting zero-day exploits. They are exploiting well-known vulnerabilities. And they are still turning a hefty profit. Think of them like a business. They aren’t that innovative, but they are able to keep their team stable enough to push through.
Is Vice Society a threat to your clients?
I’m not here to warn you of this one ransomware gang and their threat to your clients. I simply want you to see a slightly different story from the one the mainstream media is portraying right now on cybercrime.
Your clients might be mildly concerned about their data’s security. But many—if not all—still don’t understand why they would be a target. What they aren’t seeing in the headlines from major media outlets is the fact that ransomware groups have specific targets. Some do target the big government agencies, the big named Fortune 500 companies, but many are focused on much different areas of our economy. And many are driven to penetrate the SMB marketplace.
These are the types of attackers we need to be worried about. The ones using known exploits to get into business networks. This is where the story has to change.
How can you start communicating this?
Let your client experience what an attack would feel like. Not an attack where you are using brand new ransomware technologies. Show them what is at stake when common attacks—the ones the Vice Society-grade attackers use. Show them what they might be risking if they keep doing things the way they currently are.
One of the easiest ways to see this type of attack in action is by getting a free cyber stack evaluation, where we will help you understand the methodologies that attackers like Vice Society are using to successfully cripple networks in the SMB space.
Another way to get them to address their risks is by offering them a virtual Chief Security Officer (vCSO) service offering. This type of engagement will keep them aware of current threats and provide a framework to continually addressing threats as new ones appear. For more information on a tested MSP-focused vCSO framework visit www.galacticscan.com/vcso.
