Connect with us

Hi, what are you looking for?



Ransomware Group RansomedVC Closes Shop

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure.

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure.

RansomedVC has only been around for a few months, operating under the ransomware-as-a-service (RaaS) business model. The group has listed more than 40 organizations on its leak site, demanding ransom payments of up to $1 million, depending on the victim’s size.

The group mainly focuses on organizations in Europe, but recently claimed responsibility for attacks on Sony and the District of Columbia Board of Elections (DCBOE). According to cybersecurity firm ZeroFox, the group started engaging in extortion activities in August.

On October 30, the RansomedVC operators announced on the group’s Telegram channel that they were ceasing operations, and have since closed the project’s leak websites.

However, the gang’s dark web forum, which has been used to manage the operation, remains active, supposedly to assist with the selling of assets and infrastructure, ZeroFox notes.

On its Telegram channel, the gang announced that it was selling its two leak websites and the dark web forum, social media accounts, an allegedly undetectable ransomware builder, malware source code, access to affiliate groups, the Telegram channel, VPN access to 11 victims, 37 databases, and a control panel for the file-encrypting malware.

Initially, the gang provided no explanation for the move, but a November 8 post revealed that six individuals associated with RansomedVC may have been arrested and that all 98 affiliates were immediately fired.

The RansomedVC shutdown, ZeroFox says, will likely have very little impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations.

Advertisement. Scroll to continue reading.

“Threat actors (not limited to extortion collectives) will likely be motivated to purchase the infrastructure to target victims, create spin-off extortion operations, or leverage for further malicious activity,” ZeroFox notes.

Related: Hive Ransomware Operation Shut Down by Law Enforcement

Related: Conti Ransomware Operation Shut Down After Brand Becomes Toxic

Related: DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills?

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

Check Point Software has appointed Nadav Zafrir as Chief Executive Officer.

BlackFog has named Brenda Robb as President, John Sarantakes as CRO, and Mark Griffith as VP of Strategic Sales.

Former NSA cybersecurity chief Rob Joyce has joined Sandfly Security's Advisory Board.

More People On The Move

Expert Insights