Summary: The VanHelsing ransomware-as-a-service (RaaS) operation emerged on March 7, 2025, quickly claiming multiple victims through a user-friendly platform that supports a variety of operating systems. The scheme employs double extortion tactics and allows affiliates to profit significantly while only prohibiting attacks on the Commonwealth of Independent States (CIS). It represents a worrying trend in ransomware, which has seen a staggering rise in victims and evolving attack strategies recently.
Affected: Government, manufacturing, and pharmaceutical companies in France and the United States
Keypoints:
- VanHelsing RaaS launched with a model allowing extensive participation for hackers, requiring a ,000 deposit for new affiliates.
- The ransomware uses the “.vanhelsing” extension and modifies victims’ wallpaper, alongside providing a ransom note demanding Bitcoin payments.
- February 2025 saw record ransomware attacks with 962 victims, a significant rise attributed to increasing remote encryption tactics and evolving ransomware strategies.
Source: https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html