New Windows Threat Demands $5,000 In Return For $500,000 Attack
VanHelsing ransomware hackers charged $5,000 to start attacking Windows.
It wasn't that long ago that we were assured that the ransomware threat was in decline, what with the FBI disruption of LockBit taking out one of the main criminal players. But LockBit soon bounced back, even going as far as sending a warning the new Federal Bureau of Investigation director, Kash Patel. The nature of the threat posed to enterprises by ransomware has been only too evident in recent high-profile security advisories from the FBI regarding ongoing Medusa ransomware-as-a-service attacks. Now, a scary new criminal clown has joined the ransomware circus and looks like making quite a splash as the first victims fall in less than two weeks after its launch. Here's everything you need to know about VanHelsing and the initial attacks targeting Windows devices.
Although only first launched March 7, the VanHelsing ransomware-as-a-service platform has made quite a splash already. Described as rapidly expanding, the threat actors behind VanHelsing have already seen three enterprise victims fall victim in just two weeks. While that might seem like small beans in the overall scheme of cybercrime things, that's three successful attacks in just 14 days of operation. I'd be taking VenHelsing very seriously at this stage if I were you. Oh, and rapidly expanding? Researchers said that they had obtained two different variants of the ransomware threat, compiled just five days apart, and showing how fast it is evolving.
According to threat intelligence experts at Check Point Research, the ransomware-as-a-service opened its doors to 'reputable' affiliates, although I would have to question the use of that word in these circumstances, for free. Unproven criminal allies, those looking to use the service to launch attacks of their own, have been required to pay a deposit of $5,000 in order to gain access to the offensive platform. It's not a bad investment should their attacks prove successful.
'After two blockchain confirmations of the victim's ransom payment,' Check Point said, 'the affiliates receive 80% of the revenue, while the remaining 20% is paid to the RaaS operators.' For their money, the attackers are provided with all the tools they need to manage their attacks by way of a control panel and cross-platform locker.
The Check Point Research threat intelligence specialists have warned that while the initial successful attacks have been against Windows systems, VanHelsing is actually multi-platform and can also infect Linux, BSD, ARM, and ESXi systems. 'This multi-platform support significantly broadens the reach of the ransomware,' Check Point said, 'enabling it to target a wide variety of systems.' Everything points to Russian cybercrime being behind the latest ransomware player, not least that VanHelsing affiliates must not encrypt those systems within Commonwealth of Independent States countries. I would expect activity to ramp up pretty darn quickly from this point. Especially given that Check Point has confirmed that the initial targets have been high value with $500,000 demands made during ransom negotiations. 'This rapid escalation underscores the program's effectiveness and the evolving nature of ransomware threats,' Check Point concluded, 'emphasizing the need for robust cybersecurity measures to combat such sophisticated attacks.'
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Yahoo
23 minutes ago
- Yahoo
Musk deletes explosive posts about Trump and Epstein files
From bringing the heat to retreating on the beef. Elon Musk appears to be backtracking on some of the wild accusations he made during his ugly spat with President Donald Trump earlier this week. Musk sensationally posted on Thursday that the president's name appears in unreleased Jeffrey Epstein files — and said that's why the files haven't been made public. "@RealDonaldTrump is in the Epstein files," Musk wrote on X. "That is the real reason they have not been made public. Have a nice day, DJT!" Musk followed the post with another, saying, "Mark this post for the future. The truth will come out." President Trump Teases 'Last Day, But Not Really' For Elon Musk At Doge: Oval Office Presser Set For Friday Read On The Fox News App But eagle-eyed online sleuths noticed that Musk had quietly deleted the posts. The former "First Buddy" dropped the allegation in response to a back-and-forth series of social media messages between him and Trump. But as of today, the post has been removed from the Tesla CEO's timeline. The post wasn't the only one he deleted: Musk also appears to have taken down a post endorsing a message that read, "Trump should be impeached" and that Vance "should replace him." Musk shared the post and wrote "yes," but his comment is no longer visible. The beef between Musk and Trump exploded onto the national scene this week with the SpaceX CEO publicly blasting Trump's major legislation, the Big Beautiful bill, for increasing the deficit by around $2.5 trillion. The feud came despite a months-long "bromance" between the pair, with Musk donating around $277 million to Trump's campaign and enthusiastically supporting his return to office. Trump's return to office also saw Musk oversee the Department of Government Efficiency (DOGE) for months. White House Press Secretary Karoline Leavitt said in the aftermath of Musk's post that it was an "unfortunate episode from Elon, who is unhappy with the One Big Beautiful Bill because it does not include the policies he wanted." Jeffrey Epstein List: Ag Pam Bondi Releases Highly Anticipated Doj Documents The White House said a source familiar with the Epstein matter said it is widely known that Trump kicked Epstein out of his Palm Beach Golf Club. The source also pointed out that the administration released the Epstein files, which included Trump's name, and nothing was new about Musk's revelation. "If Elon truly thought the President was more deeply involved with Epstein, why did he hang out with him for 6 months and say he 'loves him as much as a straight man can love a straight man?'" the source said. Musk's bombshell allegation against Trump comes months after a trove of files pertaining to the Epstein case were released. In February, Attorney General Pam Bondi sent a letter to FBI Director Kash Patel explaining the delay in the release of documents and placing blame on an FBI field office in New York. Bondi said she requested the full Epstein case file before Patel was confirmed as the head of the FBI and received about 200 pages — far fewer than the number of pages released last year in a civil lawsuit connected to Ghisalaine Maxwell, the trafficker's former lover and convicted accomplice. Although Bondi pushed for the release of the full dossier, which included records, documents, audio and video recordings, and materials related to Epstein and his clients, the request remains unfulfilled. One of the key pieces that remains unreleased is a client list, though Bondi claimed in February it was on her desk to be reviewed. The documents that have been released so far include flight logs, an evidence list, a contact book and a redacted "masseuse list" believed to refer to Epstein's victims. Many people named in the documents have never been accused of Epstein-related wrongdoing. However, some have, like Maxwell; Prince Andrew, who has denied allegations of wrongdoing; and Jean-Luc Brunel, a French modeling agent who, like Epstein, died in a jail awaiting trial. Epstein, Maxwell and unnamed co-conspirators allegedly abused young women and underage girls between 1996 and his death in 2019, according to the lawsuit. Citing police documents, it alleges that Epstein recruited girls between 14 and 16 as well as students at Palm Beach Community College for "sex-tinged sessions." Maxwell is appealing her conviction while serving a sentence at a federal prison in Tallahassee. She is due for release in the summer of 2037. Fox News Digital's Andrew Mark Miller and Mike Ruiz contributed to this article source: Musk deletes explosive posts about Trump and Epstein files
Fox News
32 minutes ago
- Fox News
FBI arrests Michigan man who allegedly called in phony bomb threat after missing Spirit Airlines flight
A Michigan man who missed his flight was recently arrested after allegedly calling in a fake bomb threat that forced the evacuation of his scheduled Spirit Airlines flight at Detroit Metropolitan Airport early Thursday morning. In a Justice Department news release Friday, U.S. Attorney Jerome F. Gorgon Jr. said John Charles Robinson, 23, of Monroe is accused of using a cellphone to call Spirit Airlines with false information about a bomb threat to Flight 2145 departing from Detroit Metro bound for Los Angeles. During the call, Robinson said in part, "I was calling about 2145… because I have information about that flight," "there's gonna be someone who's gonna try to blow up the airport," and "there's gonna be someone that's gonna try to blow up that flight, 2145," according to an affidavit. After giving a description of an individual, he then stated, "they're going to be carrying a bomb through the TSA," and "they're still threatening to do it, they're still attempted to do it, they said it's not going to be able to be detected. Please don't let that flight board." The aircraft was moved to a remote location, and all passengers were safely deplaned and taken to the Evans Terminal for additional screening. Bomb-sniffing dogs and FBI agents conducted a thorough search of the plane for explosives, but nothing was found. Agents learned Robinson was booked on the flight, but missed it and was told at the gate that he needed to re-book. Robinson was arrested by the FBI when he returned to the airport to depart on another flight bound for Los Angeles. "No American wants to hear the words 'bomb' and 'airplane' in the same sentence," Gorgon said. "Making this kind of threat undermines our collective sense of security and wastes valuable law enforcement resources." Cheyvoryea Gibson, special agent in charge of the FBI Detroit Field Office, said the incident prompted a coordinated response by our FBI Detroit Joint Terrorism Task Force, in partnership with the Wayne County Airport Authority Police Department and the U.S. Federal Air Marshal Service. "We remain committed to protecting the public and confronting those who seek to spread fear in our communities," Gibson said. Robinson appeared in federal court in Detroit on Friday afternoon and was released on bond. His next court appearance is June 27 for a preliminary HERE TO GET THE FOX NEWS APPSpirit Airlines did not immediately respond to Fox News Digital's request for comment.
Newsweek
34 minutes ago
- Newsweek
FBI Offers Reward for Info Leading to Indigenous Teen Missing for 8 Months
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. A combined $10,000 reward has been offered for information leading to the discovery of 13-year-old Sa'Wade Birdinground who vanished from her grandparents' Montana home last October. The FBI's Salt Lake City Field Office offered a $5,000 award that was matched by the executive branch of the Crow Tribe of which Birdinground is a part of. Following a Friday press conference, members of the community held a walk and presentation of red balloons at Little Big Horn College, symbolizing collective hope and continued efforts to bring Birdinground home, Yellowstone Public Radio Reported. Why It Matters The teenager's disappearance has drawn attention to the broader crisis of missing and murdered Indigenous people in the United States, particularly in Montana and other states with significant tribal communities. Indigenous women make up a disproportionate majority of missing and murdered women in the U.S., with the murder rate 10 times higher for women living on reservations, according to the organization Native Hope. Murder is the third leading cause of death for Native women, the organization added. The Department of Justice's (DOJ) "Operation Not Forgotten" reflects a national push to boost investigative resources and address longstanding disparities in response to cases involving Indigenous individuals. What To Know Birdinground was last seen at her grandparents' residence on the Crow Indian Reservation in Garryowen, Montana, on the night of October 6, 2024. Since then, she has not been heard from. The reservation sits about 65 miles southeast of Billings and is near the former site of Sitting Bull's camp, on Garryowen bend of the Little Bighorn River, according to the city's website. The area was a traditional summer hunting campsite for many Plains Indian tribe and was the site of one of the largest Indian gatherings ever recorded in North America. When last seen, the 13-year-old was approximately 5'4" to 5'5" tall, weighing 130–140 pounds, with brown eyes, curly brown hair. She is also known to wear an elk tooth necklace. On the night she disappeared, she wore a black hoodie with mushrooms, an anime T-shirt, basketball shorts, purple slip-on Skechers and may have also carried a black and purple Adidas backpack, the FBI's release said. Early searches by the FBI, Bureau of Indian Affairs, local law enforcement, the community, and the Montana National Guard have led to no confirmed sightings or significant leads, according to a report from local news station KTVQ. Federal and tribal authorities described Birdinground's case as exceptional due to her age and the circumstances and highlighted the ongoing struggle of Indigenous communities where dozens of members are reported missing each year. So far this year, the FBI doubled the number of special agents assigned to investigate cases on the Crow and Northern Cheyenne tribal nations. Data from the Crow Tribe showed that while about 78 missing persons are reported annually, most cases are soon resolved. Sa'Wade Birdinground, 13, has been missing from the Crow Indian Reservation since October of 2024. Sa'Wade Birdinground, 13, has been missing from the Crow Indian Reservation since October of 2024. FBI What People Are Saying Mehtab Syed, FBI Special Agent in Charge of the Salt Lake City Field Office that covers Montana, Utah, and Idaho, said during Friday's press conference: "Eight months is an incomprehensible amount of time for any family to be without their child. For eight months, Sa'wade's family has had to know life without her." He added: "Sa'Wade is not forgotten. She matters, and we are doing anything in our power to bring her home." Wade Birdinground, Sa'Wade's father, said during the press conference: "It's been a whole different life. To be honest, it's been horrible. I just want to thank the FBI and the Crow Tribe and everybody else. Thanks for helping me out and continue to search for Sa'Wade." Frank Whiteclay, Crow Tribal Chairman, said during the press conference: "We wanted to match the FBI's award so we can show not only the family, but the community, that my administration is here for the community to assist whenever a crisis comes ahead." What Happens Next? Federal, tribal, and local agencies are continuing the active investigation, seeking public tips and following all available leads. The FBI urged the public to come forward with any information and have established a dedicated tip line for Sa'Wade Birdinground at the Salt Lake City Field Office (801-579-6195). Tips can also be submitted online at Community leaders also urged the public to remain vigilant and share information widely on social media.
