Vice Society

Medium ConfidenceHigh Threat

DEV-0832

Vice Society is a ransomware operation that has been active since at least 2021, primarily targeting education and healthcare sectors. The group is notable for using various ransomware strains rather than developing their own, including HelloKitty, Zeppelin, and custom variants. Vice Society gained significant attention for numerous attacks against K-12 schools and universities, causing widespread disruption to educational institutions. The group employs double extortion tactics and maintains a leak site for publishing stolen data.

Origin: Russia

Sponsor: Cybercriminal (No State Sponsor)

Active: 2021 - Present

Victims: 200+ organizations

Advanced

Active

Financial Gain

Risk Assessment

Composite Risk Score

High Risk

ARCS Compliance72

Escalation Risk70

Grievance Index68

Infrastructure Impact75

History & Evolution

Targeting

Target Sectors

EducationHealthcareGovernment

Target Regions

United StatesEurope

Attribution & Affiliations

Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: Medium.

Intelligence Assessment

High

Threat Level

Moderately

Targeting

Moderately

Adaptability

High

Persistence

Continuous

Op Tempo

Active

Status

Future Outlook

Vice Society is expected to continue operations targeting Education sectors.

Timeline of Key Events

2021

Major

First observed activity of Vice Society

2024

Moderate

Continued active operations