The threat actor known as Vanilla Tempest, also identified as DEV-0832 and Vice Society, has once again targeted the education and healthcare sectors. This time, however, they have taken a different approach by using the data synchronization tool MEGASync to go straight for extortion without encrypting any files. This tool, which is part of the INC ransomware kit, is often used by affiliates of Vanilla Tempest for data exfiltration.
According to Microsoft, there have been cases where the threat actor did not deploy ransomware at all and instead chose to extort victims by threatening to release stolen data. This new tactic shows a shift in the group’s modus operandi, indicating a willingness to adapt and evolve their methods to maximize their profits.
Vanilla Tempest has been a frequent offender in the public sector, targeting organizations in the education, healthcare, and manufacturing industries. Since June 2021, the group has been actively carrying out attacks using various ransomware families, including BlackCat, Quantum Locker, Zeppelin, and Rhysida. In addition, they often employ PowerShell scripts in their attacks to gain further access and control over their victims’ systems.
The choice to use MEGASync for extortion purposes highlights the group’s sophisticated understanding of ransomware tactics and their willingness to explore new avenues for financial gain. By utilizing tools like MEGASync, Vanilla Tempest is able to circumvent the need for encryption and instead leverage stolen data to pressure victims into paying a ransom.
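Because this kind of extortion leaves no encryption event to alert on, the outbound transfer is the main detection opportunity. The following added example (not from Microsoft or the original article) aggregates per-host uploads to the MEGA service from proxy or EDR network records; the log layout, the MEGA domain suffixes, the client process names, the threshold and all sample records are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: domain suffixes of the MEGA service (not listed in the article).
MEGA_SUFFIXES = ("mega.nz", "mega.co.nz", "mega.io")
# Assumption: MEGAsync desktop client binary names, compared case-insensitively.
MEGA_PROCESSES = {"megasync.exe", "megasync"}
UPLOAD_THRESHOLD = 500 * 1024 * 1024  # bytes per host per day; tune per environment

# Constructed sample records: timestamp, host, process, destination, bytes sent.
SAMPLE_LOG = """\
2024-09-18T02:11:04Z,FILESRV01,MEGAsync.exe,g.api.mega.co.nz,18432
2024-09-18T02:11:09Z,FILESRV01,MEGAsync.exe,node1.userstorage.mega.co.nz,734003200
2024-09-18T09:30:00Z,LAB-PC07,chrome.exe,mega.nz,20480
2024-09-18T09:31:00Z,LAB-PC07,chrome.exe,omega.nz,900000000
2024-09-18T03:40:12Z,HR-WS12,sync_helper.exe,node2.userstorage.mega.co.nz,629145600
"""

def is_mega(dest):
    """Match a MEGA domain or subdomain, but not look-alikes such as omega.nz."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in MEGA_SUFFIXES)

def find_exfil_candidates(log_text, threshold=UPLOAD_THRESHOLD):
    """Return (host, day, bytes_sent, reasons) for hosts worth triaging."""
    totals = defaultdict(int)
    procs = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5 or not is_mega(row[3]):
            continue  # skip malformed rows and non-MEGA destinations
        ts, host, proc, _dest, sent = row
        key = (host, ts[:10])  # bucket by host and calendar day
        totals[key] += int(sent)
        procs[key].add(proc.lower())
    findings = []
    for key in sorted(totals):
        reasons = []
        if procs[key] & MEGA_PROCESSES:
            reasons.append("sync-client")  # sync client present on the host
        if totals[key] >= threshold:
            reasons.append("volume")       # bulk upload regardless of process name
        if reasons:
            findings.append((key[0], key[1], totals[key], reasons))
    return findings

if __name__ == "__main__":
    for finding in find_exfil_candidates(SAMPLE_LOG):
        print(finding)
```

The volume rule is kept separate from the process-name rule so that a renamed binary uploading to the same service is still surfaced.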
The latest attacks by Vanilla Tempest serve as a reminder of the ever-evolving threat landscape faced by organizations in the public sector. With threat actors constantly developing new tactics and techniques, it is essential for organizations to stay vigilant and implement robust cybersecurity measures to protect their data and systems.
As the investigation into these attacks continues, it is critical for organizations to collaborate with cybersecurity experts and law enforcement agencies to identify and mitigate any potential threats. By working together, organizations can enhance their defenses and better protect themselves against evolving cyber threats like those posed by Vanilla Tempest and other sophisticated threat actors.