A notorious ransomware gang has claimed responsibility for a cyber attack against Vesuvius, the London Stock Exchange-listed molten metal flow engineering company.
The Vice Society ransomware gang has published on the dark web files that it stole from Vesuvius, one month after the company announced that it had suffered a “cyber incident.”
Amusingly, Vice Society included a confidentiality notice alongside the link through which the stolen files can be downloaded:
CONFIDENTIALITY NOTICE AND DISCLAIMER
This leak, contains many confidential files which may also be privileged or otherwise protected by work product immunity or other legal rules. Any unauthorized review, disclosure, copying, distribution or use of this information is strictly prohibited.
The Company accepts no liability for the content of this leak or for the consequences of any actions taken on the basis of the information it contains. “Vice Society”
As if the Vice Society ransomware gang gives a damn about anyone’s confidentiality, other than its own.
The publication of the files suggests that negotiations between Vesuvius and its attackers have not gone in the direction Vice Society would desire… and that it is unlikely to receive a ransom from the British steel supplier.
Is it me, or does it feel like more and more corporate victims of ransomware attacks are calling the bluff of their extortionists?
I am interested to know what you mean by "calling their bluff"? Because if they were bluffing, they wouldn't have had any data to publish. Whether or not they were able to decrypt the files without the key that Vice Society has (which is unlikely), their reputation as a company that can be trusted by others with sensitive information is no more. Plus, now anyone who wanted to know their trade secrets has a way to access it for free, whenever they want. I'm sure Vesuvius has the kind of money that they could have swept this under the rug by paying, but instead, they are exposed. It's pretty simple, tbh.