Vice Society

Ransomware Leak Sites

Vice Society

Active Since

May 2021 (last active June 2023)

Total Victims as of January 2024


Known Forum Aliases


Active Forum Accounts


Top Targeted Geographies

US, UK, France

Vice Society was a ransomware/data extortion operation that primarily targeted organizations in the education sector.

It gained notoriety for conducting a spree of attacks towards the end of 2022 and beginning 2023 on institutions in North America and Europe including the Los Angeles Unified School District, University Institute of Technology of Paris, and The University of Duisburg-Essen.

In February 2023 we published a report on a pattern of dark web traffic to the networks of Vice Society’s victims, which we assessed with medium confidence was a precursor to the group’s attacks.

Vice Society stopped posting victims to its dark web leak site in June 2023 and the site went offline in December. However, once again, this doesn’t necessarily mean the actors behind the group have left the ransomware scene for good. Some security analysts, including those at Check Point Research, have identified similarities in the Tactics, Techniques and Procedures (TTPs) of Vice Society and those used by Rhysida, a ransomware operation that emerged in 2023.

Threat Intelligence Report

More Groups, More Problems: Ransomware in 2023