The Vice Society ransomware group, which in recent months has been targeting educational entities around the world, has used numerous ransomware strains, including QuantumLocker, BlackCat, and Zeppelin, according to The Record, a news site by cybersecurity firm Recorded Future.
Vice Society, also tracked as DEV-0832, used a Zeppelin ransomware variant in its latest attacks and also extorted victims with already stolen data, a report from the Microsoft Security Threat Intelligence team revealed.
Vice Society was also found to have deployed QuantumLocker ransomware prior to Zeppelin in an attack in July, while the group also exploited the Windows Common Log File System Driver flaw in August.
"The shift from a ransomware as a service (RaaS) offering (BlackCat) to a purchased wholly-owned malware offering (Zeppelin) and a custom Vice Society variant indicates DEV-0832 has active ties in the cybercriminal economy and has been testing ransomware payload efficacy or post-ransomware extortion opportunities," said Microsoft.
BleepingComputer reports that KELA threat analysts observed the third iteration of the Knight ransomware source code being posted for sale on RAMP forums by the operation's representative, Cyclops.