Vice Society publishes data stolen during Vesuvius ransomware attack

Vice Society publishes data stolen during Vesuvius ransomware attack

A notorious ransomware gang has claimed responsibility for a cyber attack against Vesuvius, the London Stock Exchange-listed molten metal flow engineering company.

The Vice Society ransomware gang has published on the dark web files that it stole from Vesuvius, one month after the company announced that it had suffered a “cyber incident.”

Vesuvius leak

Amusingly, Vice Society included a confidentiality notice alongside the link through which the stolen files can be downloaded:


This leak, contains many confidential files which may also be privileged or otherwise protected by work product immunity or other legal rules. Any unauthorized review, disclosure, copying, distribution or use of this information is strictly prohibited.

The Company accepts no liability for the content of this leak or for the consequences of any actions taken on the basis of the information it contains. “Vice Society”

As if the Vice Society ransomware gang gives a damn about anyone’s confidentiality, other than its own.

The publication of the files suggests that negotiations between Vesuvius and its attackers have not gone in the direction Vice Society would desire… and that it is unlikely to receive a ransom from the British steel supplier.

Sign up to our free newsletter.
Security news, advice, and tips.

Is it me, or does it feel like more and more corporate victims of ransomware attacks are calling the bluff of their extortionists?

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “Vice Society publishes data stolen during Vesuvius ransomware attack”

  1. A person

    I am interested to know what you mean by "calling their bluff"? Because if they were bluffing, they wouldn't have had any data to publish. Whether or not they were able to decrypt the files without the key that Vice Society has (which is unlikely), their reputation as a company that can be trusted by others with sensitive information is no more. Plus, now anyone who wanted to know their trade secrets has a way to access it for free, whenever they want. I'm sure Vesuvius has the kind of money that they could have swept this under the rug by paying, but instead, they are exposed. It's pretty simple, tbh.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.