As part of an ongoing analysis of ransomware-as-a-service operations, a new operation known as VanHelsing has been identified. This operation demonstrates a sophisticated multi-platform capability, posing a significant cybersecurity threat. This new strain of ransomware is designed to be able to compromise a wide range of systems, including Windows, Linux, BSD, ARM and ESXi, highlighting how adaptable and powerful the malware is.
During the spring of 2025, VanHelsing became highly visible in underground cybercriminal forums, where it was actively promoted to potential affiliates. The most significant aspect of the program was the fact that experienced cybercriminals were given free access, while those with less expertise were required to pay a $5,000 deposit as a condition to participate.
In this case, the targeted recruitment strategy seems to be a calculated one to attract both seasoned and aspiring threat actors to expand the scope of the ransomware’s operational capabilities.
A few weeks back, cybersecurity firm CYFIRMA first revealed the existence of VanHelsing, providing insight into its emergence and early stages.
The findings of Check Point Research’s extensive technical analysis, published yesterday in the journal Security Research, provide a more in-depth understanding of the ransomware’s mechanics as well as its operational framework, which was published following this discovery. It has become apparent that VanHelsingRaaS is spreading rapidly, raising ser
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: