The ransomware and data extortion group RansomedVC announced plans to shut down the project and sell parts of its infrastructure.
RansomedVC has only been around for a few months, operating under the ransomware-as-a-service (RaaS) business model. The group has listed more than 40 organizations on its leak site, demanding ransom payments of up to $1 million, depending on the victim’s size.
The group mainly focuses on organizations in Europe, but recently claimed responsibility for attacks on Sony and the District of Columbia Board of Elections (DCBOE). According to cybersecurity firm ZeroFox, the group started engaging in extortion activities in August.
On October 30, the RansomedVC operators announced on the group’s Telegram channel that they were ceasing operations, and have since closed the project’s leak websites.
However, the gang’s dark web forum, which has been used to manage the operation, remains active, supposedly to assist with the selling of assets and infrastructure, ZeroFox notes.
On its Telegram channel, the gang announced that it was selling its two leak websites and the dark web forum, social media accounts, an allegedly undetectable ransomware builder, malware source code, access to affiliate groups, the Telegram channel, VPN access to 11 victims, 37 databases, and a control panel for the file-encrypting malware.
Initially, the gang provided no explanation for the move, but a November 8 post revealed that six individuals associated with RansomedVC may have been arrested and that all 98 affiliates were immediately fired.
The RansomedVC shutdown, ZeroFox says, will likely have very little impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations.
“Threat actors (not limited to extortion collectives) will likely be motivated to purchase the infrastructure to target victims, create spin-off extortion operations, or leverage for further malicious activity,” ZeroFox notes.