Vice Society claims that Australian firefighters are being attacked by ransomware

Australia’s Fire Rescue Victoria revealed a cyberattack in December that led to a data breach. The Vice Society ransomware gang now claims the data.

Fire Rescue Victoria (FRVP), a volunteer fire-fighting service that operates in 85 locations across the Australian state Victoria, has around 4,500 employees and is incorporated into a corporate organization.

Cyberattacks on FRV took place on December 15, 2022. Despite the ongoing and widespread IT downtimes, emergency services at the agency have not been affected.

“The incident affected several of our internal server, including our email system,” explained FRV in an .

While we are still experiencing widespread IT downtime as a result, safety in the community has not been compromised. We continue to dispatch appliances and crews through pagers, mobile phones and radio. – FRV.

The hackers not only disrupted the IT system of the agency, but also stole data from FRV computers. This included information on current and past employees, contractors and secondees as well as job candidates.

On January 6, 2023 the agency informed the Office of the Australian Information Commissioner of the incident, disclosing preliminary findings of the ongoing investigation.

The has parts that are public. They state that hackers stole the following information about FRV employees and applicants.

• Full Name
• Current and Previous Address
• Email Address (both current and past)
• Telephone number (current, and past)
• Date of birth
• Information about health
• Information about sensitive topics such as sexual orientation, race and disability, religious beliefs, qualification, criminal history, political views, or employment history.
• Details of bank account (BSB, number, account name and number).
• Superannuation details
• Information about your government-issued identification
• Driver’s license details
• Passport details
• Numbers for tax files
• Certificates of birth, marriage, and death

The hackers may have also accessed sensitive emails and stolen communications because they accessed the agency’s email system.

FRV warns all applicants for jobs and employees to watch out for targeted phishing SMS or emails.

The organization also recommends staff to reset passwords and use MFA to further protect accounts. Staff should reset their passwords on any other websites where they use the FRV password.

Vice Society Ransomware claims attack

These data breach notifications were issued after Vice Society ransomware gang, who claimed responsibility for the attack on Fire Rescue Victoria, indicated that they will start leaking stolen information.

Vice Ransomware published a Tor entry on January 10, with links to the allegedly stolen data.

This link does not currently work. The fire department is granted a possible unintended reprieve to their data being made public.

Vice Society is more inclined to target any organization they can break, despite the fact that some ransomware attacks do not allow for targeting healthcare and emergency service entities.

These are victims from many industries including the and sectors.

They began using other ransomware groups’ malware in their ransomware attacks starting January 2021. This included BlackCat, QuantumLocker and Zeppelin. Vice Society also branded a variant of Zeppelin ransomware with Hello Kitty encryption.

Recenty, threat actors switched to an which researchers call ‘PolyVice’.