Ransomware Group RansomedVC closes its shop

esteria.white

Ransomware and data extortion group RansomedVC has announced plans to shut down the project and sell part of its infrastructure.

RansomedVC has only been around for a few months and operates under the ransomware-as-a-service (RaaS) business model. The group listed more than 40 organizations on its leak site, demanding ransom payments of up to $1 million, depending on the size of the victim.

The group primarily focuses on organizations in Europe, but has recently claimed responsibility for attacks against Sony and the District of Columbia Board of Elections (DCBOE). According to cybersecurity company ZeroFox, the group began engaging in extortion activities in August.

On October 30, RansomedVC’s operators announced on the group’s Telegram channel that they were ceasing operations, and have since shut down the project’s leak sites.

However, the gang’s dark web forum, which was used to manage the operation, remains active, supposedly to assist in the sale of assets and infrastructure, notes ZeroFox.

On its Telegram channel, the gang announced that it was selling its two leak websites and the dark web forum, its social media accounts, a supposedly undetectable ransomware generator, malware source code, access to affiliate groups, the Telegram channel, VPN access to 11 victims, 37 databases and a control panel for the file encryption malware.

Initially, the gang provided no explanation for the move, but a November 8 article revealed that six people associated with RansomedVC may have been arrested and all 98 affiliates were immediately fired.

According to ZeroFox, the shutdown of RansomedVC will likely have very little impact on the ransomware landscape, as affiliates are expected to migrate to other RaaS operations.

“Threat actors (and not limited to extortion collectives) will likely be motivated to purchase the infrastructure to target victims, create spinoff extortion operations, or exploit other malicious activities,” notes ZeroFox.
