1. Forum
  2. tqwNet
  3. TQW GENTECH

  • This dangerous new ransomware is hitting Windows, ARM, ESXi syste

    From TechnologyDaily@1337:1/100 to All on Tuesday, March 25, 2025 14:15:08
    This dangerous new ransomware is hitting Windows, ARM, ESXi systems

    Date:
    Tue, 25 Mar 2025 14:04:00 +0000

    Description:
    VanHelsing variant works across different platforms, including Windows and Linux.

    FULL STORY ======================================================================Check Point researchers found a new ransomware strain called VanHelsing It is an emerging threat, where affiliates need to pay a fee to get in Three organizations already fell victim

    A new dangerous ransomware variant has been spotted, capable of encrypting Windows devices, Linux, VMware, ESXi systems, and more.

    Cybersecurity researchers Check Point revealed the malware is called VanHelsing, and works on a service model (Ransomware-as-a-Service).

    The RaaS operation kicked off on March 7, 2025, and the encryptor is still under development. So far, multiple infections were spotted, and the researchers managed to analyze a few variants, all on the Windows platform. Between them, there were incremental updates, it was said, proving VanHelsing is being actively - and quickly - developed.

    Monitor your credit score with TransUnion starting at $29.95/month

    TransUnion is a credit monitoring service that helps you stay on top of your financial health. With real-time alerts, credit score tracking, and identity theft protection, it ensures you never miss important changes. You'll benefit from a customizable online interface with clear insights into your credit profile. Businesses also benefit from TransUnions advanced risk assessment tools.

    Preferred partner ( What does this mean? ) View Deal Russian group?

    So far, three organizations fell victim to VanHelsing, each being asked for $500,000 in crypto, in exchange for the decryption key. We dont know if the affiliates also engage in data exfiltration, but its safe to assume they do.

    Check Point also said there appears to be different rules for wanna-be affiliates. Those that are newcomes to the cybercriminal scene need to pay a $5,000 fee to be included as an affiliate. More established names in the
    scene dont have to pay at all.

    Splitting the proceeds favors the affiliates, it was further explained. Its
    an 80-20 split, with 20% going to the ransomwares operators.

    As for attribution, the operation is most likely Russian, since it is not allowed to target organizations in Russia or the Commonwealth of Independent States (former Soviet Union, basically).

    "This is difficult to say, but usually they are operating under Russian territory," noted Antonis Terefos, a malware reverse engineer at Check Point.

    The researchers also hinted the Russian government does not target cybercriminals, as long as they only attack organizations in the West.

    If that really is the case, and VanHelsing is allowed to work freely, it can quickly become a prolific threat actor, rivaling the likes of LockBit, or RansomHub. Furthermore, it will become obvious that ransomware has become a tool in global power struggles, something weve seen North Korea doing for years now.

    Via The Register You might also like US government warns Medusa ransomware has hit hundreds of critical infrastructure targets We've rounded up the best password managers Take a look at our guide to the best authenticator app



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/this-dangerous-new-ransomware-is-hittin g-windows-arm-esxi-systems


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)