Vice Society, known for hitting K-12 schools worldwide, is the group responsible for the December 15 ransomware attack on an Australian-based firefighting and rescue service.
The Fire Rescue Victoria (FVR) organization is responsible for 85 fire stations, the majority of them in Melbourne’s metropolitan region, according to the FRV website.
The breach notification documents filed with Australian authorities on January 6th states the ransomware affected a number of the FRV internal servers, including its email system.
Last month's attack led to large amounts of data being siphoned off from the servers, which eventually was posted by Vice Society on the dark web.
The stolen data is believed to include “personal information of current and former employees, individual contractors and secondees of FRV and the former Metropolitan Fire and Emergency Services Board (as well as job applicants and other individuals),” said the breach notification.
FRV says their highly trained people “respond to fires, complex rescues, road crashes, emergency medical calls and hazardous chemical spills, in Australia and around the world.”
An alert banner at the top of their website states that even though FVR is “experiencing a widespread IT outage,” emergency response has not been impacted and people should continue to call the three-digit emergency code when needed.
Vice Society, whose tagline reads ‘with love,’ is known for “disproportionately targeting the education sector,” according to a warning released by the US Federal Bureau of Investigation (FBI) and the US Cybersecurity and Infrastructure Security Agency (CISA) in September 2022.
“Vice Society is an intrusion, exfiltration, and extortion hacking group that first appeared in summer 2021. Vice Society actors do not use a ransomware variant of unique origin. Instead, the actors have deployed versions of Hello Kitty/Five Hands and Zeppelin ransomware, but may deploy other variants in the future,” the warning stated.
The gang is known to take its time infiltrating and gathering information on the targeted network before they strike.
More from Cybernews:
Subscribe to our newsletter