However, it is quite possible, given the use of the data synchronization tool MEGASync, that the threat actor went straight to extortion without performing any encryption at all. The tool is used by the affiliates for data exfiltration and is part of the INC ransomware kit. “In a number of cases, Microsoft assesses that the group didn’t deploy ransomware and instead presumably carried out extortion using solely exfiltrated stolen data,” Microsoft said in an October 2022 blog post.
A frequent public sector offender
Vanilla Tempest, also tracked as DEV-0832 and Vice Society, is a known offender against the education and healthcare sectors. The threat actor has also often been observed targeting the manufacturing industry.
Active since June 2021, the group has used multiple ransomware families, including BlackCat, Quantum Locker, Zeppelin, and Rhysida, and typically uses PowerShell scripts in its attacks.