1. Forum
  2. FidoNet
  3. CONSPRCY

  • Multi-platform ransomware

    From Mike Powell@1:2320/105 to All on Wed Mar 26 09:13:00 2025
    This dangerous new ransomware is hitting Windows, ARM, ESXi systems

    Date:
    Tue, 25 Mar 2025 14:04:00 +0000

    Description:
    VanHelsing variant works across different platforms, including Windows and Linux.

    FULL STORY

    A new dangerous ransomware variant has been spotted, capable of encrypting Windows devices, Linux, VMware, ESXi systems, and more.

    Cybersecurity researchers Check Point revealed the malware is called VanHelsing, and works on a service model (Ransomware-as-a-Service).

    The RaaS operation kicked off on March 7, 2025, and the encryptor is still under development. So far, multiple infections were spotted, and the researchers managed to analyze a few variants, all on the Windows platform. Between them, there were incremental updates, it was said, proving VanHelsing is being actively - and quickly - developed.

    Russian group?

    So far, three organizations fell victim to VanHelsing, each being asked for $500,000 in crypto, in exchange for the decryption key. We dont know if the affiliates also engage in data exfiltration, but its safe to assume they do.

    Check Point also said there appears to be different rules for wanna-be affiliates. Those that are newcomes to the cybercriminal scene need to pay a $5,000 fee to be included as an affiliate. More established names in the
    scene dont have to pay at all.

    Splitting the proceeds favors the affiliates, it was further explained. Its
    an 80-20 split, with 20% going to the ransomwares operators.

    As for attribution, the operation is most likely Russian, since it is not allowed to target organizations in Russia or the Commonwealth of Independent States (former Soviet Union, basically).

    "This is difficult to say, but usually they are operating under Russian territory," noted Antonis Terefos, a malware reverse engineer at Check Point.

    The researchers also hinted the Russian government does not target cybercriminals, as long as they only attack organizations in the West.

    If that really is the case, and VanHelsing is allowed to work freely, it can quickly become a prolific threat actor, rivaling the likes of LockBit, or RansomHub. Furthermore, it will become obvious that ransomware has become a tool in global power struggles, something weve seen North Korea doing for
    years now.

    Via The Register

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-dangerous-new-ransomware-is-hittin g-windows-arm-esxi-systems

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)