More Ransomware Gangs Are Exploiting PrintNightmare to Attack Windows PCs

Broken lock — Valery Brozhinsky/Shutterstock

The PrintNightmare exploit might be the most appropriately named situation, as it has indeed been a nightmare for Windows users. Now, new groups of ransomware gangs are exploiting PrintNightmare to attack Windows PCs, creating a whole new threat level.

Vice Society Is Joining the PrintNightmare Attacks

Microsoft released a patch designed to fix the PrintNightmare situation, but unfortunately, it didn’t effectively deal with the problem. Now, Vice Society, another known ransomware gang, is joining in on the attacks.

Vice Society is actively exploiting PrintNightmare (CVE-2021-1675 / CVE-2021-34527) to spread laterally across victim networks. They are a new player in the ransomware space. They have been observed launching big-game hunting and double-extortion attacks https://t.co/hQqRXEMFYc

— Craig Williams (@security_craig) August 12, 2021

Apparently, Vice Society ransomware operators used two print spooler exploits to deploy a malicious DLL, as observed by Cisco Talos researchers and spotted by BleepingComputer.

Vice Society’s ransomware can encrypt both Windows and Linux systems with OpenSSL. Typically, Vice Society targets victims in human-operated double-extortion attacks. It has previously targeted public school districts and other educational institutions, but that doesn’t mean that’ll remain the gang’s focus.

Additionally, The Conti and Magniber ransomware gangs are exploiting the PrintNightmare situation, creating even more problems. The more groups who end up exploiting the PrintNightmare vulnerability, the more dangerous it becomes.

According to Cisco Talos, “Multiple distinct threat actors are now taking advantage of PrintNightmare, and this adoption will likely continue to increase as long as it is effective.”

Basically, this means that PrintNightmare is becoming more dangerous, and it’ll continue to be a problem as more groups figure out ways to use it.

What Does This Mean For You?

As always, this serves as a reminder to be careful what you do online. There are a lot of malicious individuals out there looking to take advantage of vulnerabilities like PrintNightmare. Make sure to keep Windows updated, as Microsoft will continue to release patches.