November 13, 2023 at 10:03AM
The RansomedVC group, operating under a ransomware-as-a-service (RaaS) model, has announced its shutdown and plans to sell its infrastructure. The group targeted organizations in Europe and was responsible for attacks on Sony and the District of Columbia Board of Elections. The shutdown is unlikely to have a significant impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations. Several individuals associated with RansomedVC may have been arrested.
Key takeaways:
1. The ransomware and data extortion group RansomedVC has announced its plan to shut down the project and sell parts of its infrastructure.
2. RansomedVC has been operating under the ransomware-as-a-service (RaaS) business model for a few months, targeting more than 40 organizations and demanding ransom payments of up to $1 million.
3. While the group mainly focuses on European organizations, it has recently claimed responsibility for attacks on Sony and the District of Columbia Board of Elections.
4. Cybersecurity firm ZeroFox reports that the group started engaging in extortion activities in August.
5. The RansomedVC operators announced on their Telegram channel on October 30 that they were ceasing operations, closing the project’s leak websites but keeping the dark web forum active for asset and infrastructure sales.
6. RansomedVC is selling various assets and resources, including leak websites, dark web forum access, social media accounts, a ransomware builder, source code, access to affiliate groups, VPN access to victims, databases, and a control panel for file-encrypting malware.
7. Six individuals associated with RansomedVC may have been arrested, and all 98 affiliates were fired.
8. ZeroFox believes that the RansomedVC shutdown will have little impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations.
9. There is concern that threat actors may purchase RansomedVC’s infrastructure for further malicious activities or create spin-off extortion operations.
10. This shutdown follows recent similar actions against other ransomware operations like Hive and Conti, indicating a trend of law enforcement cracking down on these groups.