VanHelsing: New RaaS in Town
Essential information
- Published
- 23/03/2025 15:40
- Modified
- 24/03/2025 13:48
- Tags
- 2025-03-23 affiliate program cybercrime encryption evasion techniques multi-platform ransomware-as-a-service vanhelsing
- Related entities
- 1 intrusion sets (apt), 18 techniques (mitre), 1 malware
Description
VanHelsing RaaS, a new ransomware-as-a-service program launched on March 7, 2025, has quickly gained traction in the cybercrime world. With a low $5,000 deposit for affiliates, it offers an 80% cut of ransom payments. The service provides a user-friendly control panel and targets multiple platforms, including Windows, Linux, BSD, ARM, and ESXi systems. Within two weeks of its launch, VanHelsing infected three victims, demanding large ransoms. The ransomware, written in C++, is actively evolving, with two variants discovered just five days apart. It employs various techniques to evade detection, including a 'Silent' mode and selective encryption of files. The rapid growth and sophistication of VanHelsin gRaaS highlight the increasing threat of ransomware attacks.