The Ransomed.vc group was created in August, initially threatening victims with the prospect of European fines for data breaches if ransoms for stolen data were not paid. Multiple businesses added to the gang’s leak site said they had never been hacked.
Over the past week, the hacker behind the gang has said he wants to sell the entire operation.
In now-deleted messages on Telegram from October 30, the person claiming to be behind the operation said they were selling RansomedVC’s ransomware builder, domain names, VPN access to 11 hacked companies, access to affiliated groups and social media channels under their control, as well as 37 databases that the group says are worth approximately $10 million.
The account then began posting increasingly desperate messages, offering 20% off before posting a final message on Wednesday.
“As part of my investigation, I discovered that 6 people linked to me (perhaps) had been arrested, so I am putting an end to it. The profit we made is not worth ruining the lives of any of our affiliates, all of our 98 affiliates are now officially licensed, we are sorry for the not so long running of the group but it turns out that some of the kids don’t have normal opsec, I can’t do anything about it,” they wrote.
“I have won well with them, but using newborn children at the age of around 20 is just not right in my eyes, they will end up in prison anyway, but I do not wish to continue all that will support their stupidity, we do. We will not regret any of our violations nor have we demanded ransom from any of our “clients” and “customers”.”
Recorded Future ransomware expert Allan Liska said this type of shutdown of a ransomware gang was unusual, but noted that Ransomed.vc “is really more about attracting attention than conducting real attacks”. The Record is an editorially independent unit of Recorded Future.
“Yes, they were lucky in some attacks, but mostly they want to attract attention and this is another way to do it. In a field crowded with ransomware, marketing is increasingly important,” he said.
James Turgal, former executive assistant director of the FBI’s Information and Technology Branch (CIO) and vice president of Optiv, told Recorded Future News that the concept of selling ransomware services has become common since the emergence of ransomware-as-a-service (RaaS) operations in recent years.
Several gangs sell subscriptions to affiliates and proxies who pay recurring fees or give ransom discounts to developers, who maintain the ransomware tools and infrastructure. Some gangs, according to Turgal, sell ransomware code in exchange for a one-time fee.
In the case of RansomedVC, Turgal said, the situation might be a little different.
“Are they selling their business because the FBI or international law enforcement is closing in on their operations? It is very rare for criminal organizations to repent of their illegal actions and develop a conscience. The sale could be a ruse to see if law enforcement will follow up on their advertising to see how close law enforcement is to their operations,” he said.
He added that if the gang was successful in selling its operations, it could complicate future attribution and create another viable market for cybercriminals to reap rewards.
Callie Guenther, senior manager of threat research at cybersecurity firm Critical Start, said it’s not common for ransomware gangs to publicly announce the sale of their operations in this way.
Groups disband, change names or go underground when they face legal pressure, she noted.
“Their reason for selling – to avoid federal scrutiny – highlights the growing pressure and effective measures being taken by law enforcement around the world,” she said.
“This could be a sign that international efforts to combat cybercrime are having a significant impact.”
Jonathan Greig is a breaking news reporter at Recorded Future News. Jonathan has worked as a journalist around the world since 2014. Before returning to New York, he worked for media outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.