The Vice Society ransomware gang has claimed responsibility for an attack on a U.K. Spar wholesaler earlier this month and is being linked to an attack on a Norwegian newspaper this week.

The first attack targeted Spar wholesaler James Hall & Co. on Dec. 6, resulting in Spar stores being unable to take card payments at some 600 stores across the north of England. Some Spar stores were forced to close from the ransomware attack, while others remained open but accepted only cash payments.

The form of ransomware used and the ransom demanded was not revealed by the company at the time. Now Vice Society has taken credit for the attack.

The group said on its dark web page that it had infected James Hall and & Co. along with Heron and Brearley, owner of Mannin Retail, which owns 19 Spar stores on the Isle of Man. In addition to taking credit for the attack, Vice Society dumped stolen files. Bank Info Security reported today that more than 93,000 stolen files were published by the gang, suggesting that neither company paid the ransom demanded in the attack.

Vice Society is also being linked to a new ransomware attack that targeted Norway-based media company Amedia AS, which publishes more than 70 newspapers. The attackers struck on Tuesday and forced the company to shut off its presses. As of Wednesday, the company said that it would “take time before the situation is normal.”

The attack on Amedia is believed to have involved the exploitation of the PrintNightmare vulnerability, a Windows security flaw revealed in July.

Vice Society, believed to be a spinoff of the HelloKitty ransomware gang, emerged earlier this year. It uses various methods to gain access to victims’ networks, including exploiting PrintNightmare.

According to HIPAA Journal, the gang is known for exfiltrating data from victims’ systems before using ransomware to encrypt files, a so-called double-tap ransomware attack. The data is then published on its data leak site to pressure victims into paying a ransom.

The gang was also behind an attack on United Health Centers, a medical services provider in California in August that resulted in the disruption of services and patient data theft. Vice Society took credit for the attack in September.

Image: Pixabay