However, the use of the data synchronization tool MEGASync suggests that the threat actor may proceed after an intrusion without performing any encryption at all. The tool is used by the group's partners in data mining and is part of the INC ransomware kit. “In most cases, Microsoft checks that the party did not use ransomware and instead carried out a scam using only stolen data,” Microsoft said in an October 2022 blog post.
A common offender of the public sector
Vanilla Tempest, also tracked as DEV-0832 and Vice Society, is a threat actor known for targeting the education and healthcare sectors. The threat actor has also often been seen focusing on the manufacturing industry.
Active since June 2021, the group has used several ransomware families, including BlackCat, Quantum Locker, Zeppelin, and Rhysida, and often uses PowerShell scripts in their attacks.