New Windows Threat Demands $5,000 In Return For Hack Attack Access
VanHelsing ransomware hackers charged $5,000 to start attacking Windows.
It wasn’t that long ago that we were assured that the ransomware threat was in decline, what with the FBI disruption of LockBit taking out one of the main criminal players. But LockBit soon bounced back, even going as far as sending a warning the new Federal Bureau of Investigation director, Kash Patel. The nature of the threat posed to enterprises by ransomware has been only too evident in recent high-profile security advisories from the FBI regarding ongoing Medusa ransomware-as-a-service attacks. Now, a scary new criminal clown has joined the ransomware circus and looks like making quite a splash as the first victims fall in less than two weeks after its launch. Here’s everything you need to know about VanHelsing and the initial attacks targeting Windows devices.
Initial VanHelsing Attacks Target Windows, At A Price
Although only first launched March 7, the VanHelsing ransomware-as-a-service platform has made quite a splash already. Described as rapidly expanding, the threat actors behind VanHelsing have already seen three enterprise victims fall victim in just two weeks. While that might seem like small beans in the overall scheme of cybercrime things, that’s three successful attacks in just 14 days of operation. I’d be taking VenHelsing very seriously at this stage if I were you. Oh, and rapidly expanding? Researchers said that they had obtained two different variants of the ransomware threat, compiled just five days apart, and showing how fast it is evolving.
According to threat intelligence experts at Check Point Research, the ransomware-as-a-service opened its doors to “reputable” affiliates, although I would have to question the use of that word in these circumstances, for free. Unproven criminal allies, those looking to use the service to launch attacks of their own, have been required to pay a deposit of $5,000 in order to gain access to the offensive platform. It’s not a bad investment should their attacks prove successful.
“After two blockchain confirmations of the victim’s ransom payment,” Check Point said, “the affiliates receive 80% of the revenue, while the remaining 20% is paid to the RaaS operators.” For their money, the attackers are provided with all the tools they need to manage their attacks by way of a control panel and cross-platform locker.
More Than Just Windows In The Crosshairs Of This New $500,000 Ransomware Threat
The Check Point Research threat intelligence specialists have warned that while the initial successful attacks have been against Windows systems, VanHelsing is actually multi-platform and can also infect Linux, BSD, ARM, and ESXi systems. “This multi-platform support significantly broadens the reach of the ransomware,” Check Point said, “enabling it to target a wide variety of systems.” Everything points to Russian cybercrime being behind the latest ransomware player, not least that VanHelsing affiliates must not encrypt those systems within Commonwealth of Independent States countries. I would expect activity to ramp up pretty darn quickly from this point. Especially given that Check Point has confirmed that the initial targets have been high value with $500,000 demands made during ransom negotiations. “This rapid escalation underscores the program’s effectiveness and the evolving nature of ransomware threats,” Check Point concluded, “emphasizing the need for robust cybersecurity measures to combat such sophisticated attacks.”