VanHelsing: New RaaS in Town

March 24, 2025, 1:48 p.m.

Description

VanHelsing RaaS, a new ransomware-as-a-service program launched on March 7, 2025, has quickly gained traction in the cybercrime world. With a low $5,000 deposit for affiliates, it offers an 80% cut of ransom payments. The service provides a user-friendly control panel and targets multiple platforms, including Windows, Linux, BSD, ARM, and ESXi systems. Within two weeks of its launch, VanHelsing infected three victims, demanding large ransoms. The ransomware, written in C++, is actively evolving, with two variants discovered just five days apart. It employs various techniques to evade detection, including a 'Silent' mode and selective encryption of files. The rapid growth and sophistication of VanHelsin gRaaS highlight the increasing threat of ransomware attacks.

External References

https://research.checkpoint.com/2025/vanhelsing-new-raas-in-town/
https://otx.alienvault.com/pulse/67e02b83689d61f57a3f4782
Tags
encryption
cybercrime
ransomware-as-a-service
evasion techniques
multi-platform
2025-03-23
vanhelsing
affiliate program

Date

  • Created: March 23, 2025, 3:40 p.m.
  • Published: March 23, 2025, 3:40 p.m.
  • Modified: March 24, 2025, 1:48 p.m.

Attack Patterns

  • VanHelsing
  • VanHelsingRaaS
  • T1490
  • T1012
  • T1087
  • T1021
  • T1573
  • T1486
  • T1070
  • T1547
  • T1082
  • T1083
  • T1071
  • T1055
  • T1204
  • T1140
  • T1132
  • T1027
  • T1078
  • T1059