    Vice Society group armed with custom ransomware


    SentinelOne researchers have discovered that the Vice Society group has acquired custom ransomware that implements a strong encryption scheme using the NTRUEncrypt and ChaCha20-Poly1305 algorithms. This version of the ransomware was named PolyVice. It was used in one of the gang's latest attacks and added the .ViceSociety extension to all encrypted files. Ransom notes called AllYFilesAE were created in each encrypted directory.

    The researchers believe that the ransomware is in the early stages of development, as debug messages were found in its code. In addition, PolyVice turned out to be very similar to RedAlert, which is why experts suggested that these programs were developed by the same group.

    Further investigation also revealed that the Vice Society payload codebase for Windows was used to create payloads by the Chily and SunnyDay factions.

    The encryption scheme used by PolyVice combines asymmetric and symmetric encryption to securely encrypt files. The malware uses the NTRUEncrypt quantum-resistant algorithm for asymmetric encryption and the ChaCha20-Poly1305 algorithm for symmetric encryption.

    The malware uses the CreateThread function to create multiple worker threads and relies on the WaitForMultipleObjects call to synchronize them with the main thread. The main thread and the worker threads communicate through an I/O Completion Port.

    PolyVice applies intermittent (discontinuous) encryption selectively, depending on file size:

    1. Files smaller than 5 MB are fully encrypted;

    2. Files from 5 MB to 100 MB are partially encrypted:

    • 5 MB of content is encrypted, split into 2 fragments of 2.5 MB. The first fragment is at the start of the file and the second fragment is at the end.

    3. Files larger than 100 MB are partially encrypted:

    • 25 MB of content is encrypted, divided into 10 fragments of 2.5 MB that are placed at every 10% of the file size.
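
    For incident response, the size rules above determine which byte ranges of an affected file are still plaintext and worth carving. The following sketch is an added example, not code from the SentinelOne report or from the malware; it assumes 1 MB = 2**20 bytes, that each fragment of a large file starts exactly at a 10% mark, and that files of exactly 5 MB or 100 MB fall under rule 2. The function names and the entropy thresholds are hypothetical.

```python
import math
from collections import Counter

MB = 1024 * 1024  # assumption: the article's "MB" means 2**20 bytes

def encrypted_ranges(size, unit=MB):
    """(start, end) byte ranges covered under the three size rules above."""
    frag = unit * 5 // 2                      # 2.5 MB fragment
    if size < 5 * unit:                       # rule 1: fully encrypted
        return [(0, size)]
    if size <= 100 * unit:                    # rule 2: first and last 2.5 MB
        return [(0, frag), (size - frag, size)]
    step = size // 10                         # rule 3: assumed start at each 10% mark
    return [(i * step, i * step + frag) for i in range(10)]

def plaintext_ranges(size, unit=MB):
    """Gaps between the encrypted ranges: candidates for data carving."""
    gaps, pos = [], 0
    for start, end in encrypted_ranges(size, unit):
        if start > pos:
            gaps.append((pos, start))
        pos = end
    if pos < size:
        gaps.append((pos, size))
    return gaps

def entropy(buf):
    """Shannon entropy in bits per byte (close to 8.0 for ciphertext)."""
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def matches_layout(data, unit=MB, hi=7.0, lo=6.0):
    """Heuristic: high entropy in every expected range, low in every gap."""
    size = len(data)
    enc = all(entropy(data[s:e]) >= hi for s, e in encrypted_ranges(size, unit))
    gaps = plaintext_ranges(size, unit)
    return enc and bool(gaps) and all(entropy(data[s:e]) < lo for s, e in gaps)

if __name__ == "__main__":
    for size_mb in (3, 40, 400):
        size = size_mb * MB
        clear = sum(e - s for s, e in plaintext_ranges(size))
        print(f"{size_mb:>4} MB: {len(encrypted_ranges(size))} fragment(s), "
              f"{100 * clear / size:.1f}% left unencrypted")
```

    The entropy check only separates encrypted fragments from gaps when the original content is low-entropy (text, databases, disk images); already-compressed formats look random throughout.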

    The report concludes that the advent of PolyVice, with its strong encryption scheme, has made the group even stronger.

    Author DeepWeb