A ransomware operation called Vice Society has claimed responsibility for the cyber attack that rocked Spar stores across the country earlier this month. The gang most-recently was linked to an attack on a Norwegian newspaper this week.
During a targeted attack on Spar wholesaler James Hall & Co. on Dec. 6, Spar stores were unable to take card payments at some 600 stores across the north of England. Some Spar stores were forced to close from the ransomware attack, while others remained open but accepted only cash payments.
Spar confirmed the cyber attack in a tweet saying that for some of its UK operations, "there has been an online attack on our IT systems which is affecting stores' ability to process card payments, meaning that a number of Spar stores are currently closed."
Britain's National Cyber Security Center on Dec. 10 confirmed that James Hall & Co. had been attacked.
No specific ransomware group was blamed for the attack at the time.
Now, multiple reports state that Vice Society ransomware group has recently claimed credit for the hit via its data leak site.
The form of ransomware used and the ransom demanded was not revealed by the company at the time.
According to reports, the group said on its dark web page that it had infected James Hall and & Co. along with Heron and Brearley, owner of Mannin Retail, which owns 19 Spar stores on the Isle of Man. In addition to taking credit for the attack, Vice Society dumped stolen files. Bank Info Security reported today that more than 93,000 stolen files were published by the gang, suggesting that neither company paid the ransom demanded in the attack.
Vice Society is also being linked to a new ransomware attack that targeted Norway-based media company Amedia AS, which publishes more than 70 newspapers. The attackers struck on Tuesday and forced the company to shut off its presses. As of Wednesday, the company said that it would “take time before the situation is normal.”
Vice Society, believed to be a spinoff of the HelloKitty ransomware gang, emerged earlier this year. It uses various methods to gain access to victims’ networks, including exploiting PrintNightmare.
According to HIPAA Journal, the gang is known for exfiltrating data from victims’ systems before using ransomware to encrypt files, a so-called double-tap ransomware attack. The data is then published on its data leak site to pressure victims into paying a ransom.
