Vice Society publishes data stolen during Vesuvius ransomware attack

1 year ago AndyC

A
notorious
ransomware
gang
has
claimed
responsibility
for
a
cyber
attack
against
Vesuvius,
the
London
Stock
Exchange-listed
molten
metal
flow
engineering
company.

The
Vice
Society
ransomware
gang
has
published
on
the
dark
web
files
that
it
stole
from
Vesuvius,
one
month
after
the
company
announced
that
it
had

suffered
a
“cyber
incident.”

Amusingly,
Vice
Society
included
a
confidentiality
notice
alongside
the
link
through
which
the
stolen
files
can
be
downloaded:

CONFIDENTIALITY
NOTICE
AND
DISCLAIMER

This
leak,
contains
many
confidential
files
which
may
also
be
privileged
or
otherwise
protected
by
work
product
immunity
or
other
legal
rules.
Any
unauthorized
review,
disclosure,
copying,
distribution
or
use
of
this
information
is
strictly
prohibited.

The
Company
accepts
no
liability
for
the
content
of
this
leak
or
for
the
consequences
of
any
actions
taken
on
the
basis
of
the
information
it
contains.
“Vice
Society”

As
if
the
Vice
Society
ransomware
gang
gives
a
damn
about
anyone’s
confidentiality,
other
than
its
own.

The
publication
of
the
files
suggests
that
negotiations
between
Vesuvius
and
its
attackers
have
not
gone
in
the
direction
Vice
Society
would
desire…
and
that
it
is
unlikely
to
receive
a
ransom
from
the
British
steel
supplier.

Sign
up
to
our
newsletter
Security
news,
advice,
and
tips.

Is
it
me,
or
does
it
feel
like
more
and
more
corporate
victims
of
ransomware
attacks
are
calling
the
bluff
of
their
extortionists?

Found
this
article
interesting?

Follow
Graham
Cluley
on
Twitter
or

Mastodon
to
read
more
of
the
exclusive
content
we
post.

Graham
Cluley
is
a
veteran
of
the
anti-virus
industry
having
worked
for
a
number
of
security
companies
since
the
early
1990s
when
he
wrote
the
first
ever
version
of
Dr
Solomon’s
Anti-Virus
Toolkit
for
Windows.
Now
an
independent
security
analyst,
he
regularly
makes

media
appearances
and
is
an

international
public
speaker
on
the
topic
of
computer
security,
hackers,
and
online
privacy.
Follow
him
on
Twitter
at

@gcluley,
on
Mastodon
at

@[email protected],
or

drop
him
an
email.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts