Connect with us

Hi, what are you looking for?



Ransomware Group RansomedVC Closes Shop

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure.

The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure.

RansomedVC has only been around for a few months, operating under the ransomware-as-a-service (RaaS) business model. The group has listed more than 40 organizations on its leak site, demanding ransom payments of up to $1 million, depending on the victim’s size.

The group mainly focuses on organizations in Europe, but recently claimed responsibility for attacks on Sony and the District of Columbia Board of Elections (DCBOE). According to cybersecurity firm ZeroFox, the group started engaging in extortion activities in August.

On October 30, the RansomedVC operators announced on the group’s Telegram channel that they were ceasing operations, and have since closed the project’s leak websites.

However, the gang’s dark web forum, which has been used to manage the operation, remains active, supposedly to assist with the selling of assets and infrastructure, ZeroFox notes.

On its Telegram channel, the gang announced that it was selling its two leak websites and the dark web forum, social media accounts, an allegedly undetectable ransomware builder, malware source code, access to affiliate groups, the Telegram channel, VPN access to 11 victims, 37 databases, and a control panel for the file-encrypting malware.

Initially, the gang provided no explanation for the move, but a November 8 post revealed that six individuals associated with RansomedVC may have been arrested and that all 98 affiliates were immediately fired.

The RansomedVC shutdown, ZeroFox says, will likely have very little impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations.

Advertisement. Scroll to continue reading.

“Threat actors (not limited to extortion collectives) will likely be motivated to purchase the infrastructure to target victims, create spin-off extortion operations, or leverage for further malicious activity,” ZeroFox notes.

Related: Hive Ransomware Operation Shut Down by Law Enforcement

Related: Conti Ransomware Operation Shut Down After Brand Becomes Toxic

Related: DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills?

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...