FlagThis

A new Ransomware-as-a-Service (RaaS) program, VanHelsingRaaS, has rapidly emerged as a significant threat in the cybercrime world. Launched on March 7, 2025, the program has quickly gained traction, infecting three victims within its first two weeks of operation. The service offers affiliates a control panel and a cross-platform locker, VanHelsing, which is capable of targeting a wide variety of systems, including Windows, Linux, BSD, ARM, and ESXi. This broad platform support allows affiliates to target diverse environments, increasing the potential impact of attacks.

The VanHelsingRaaS program requires a $5,000 deposit for new affiliates, while reputable affiliates can join for free. Affiliates earn 80% of the ransom payments, while the core operators receive the remaining 20%. A key restriction is the prohibition of targeting systems in the Commonwealth of Independent States (CIS). Check Point Research has identified two VanHelsing ransomware variants targeting Windows systems, but the RaaS advertisement indicates wider capabilities. This suggests the ransomware is designed to be adaptable and versatile, posing a significant threat to organizations across various industries and operating systems.

ImgSrc: blogger.googleu

References :

• gbhackers.com: VanHelsing Ransomware Targets Windows Systems with New Evasion Tactics and File Extension
• Check Point Research: VanHelsing, new RaaS in Town
• Christoffer S.: (checkpoint.com) VanHelsingRaaS: Analysis of a New and Rapidly Expanding Ransomware-as-a-Service Program
• Check Point Blog: The Rise of VanHelsing RaaS: A New Player in the Ransomware Landscape
• Blog: New ‘VanHelsing’ Raas hunts your data, not vampires
• The Hacker News: VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
• : VanHelsingRaaS, a new ransomware-as-a-service program, infected three victims within two weeks of release, demanding ransoms of $500,000
• Talkback Resources: VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics [mal]
• The DefendOps Diaries: VanHelsing Ransomware: A Multi-Platform Threat with Sophisticated Tactics
• Security Risk Advisors: VanHelsing Ransomware hits Windows, Linux, and ESXi with stealthy encryption and demands up to $500K.
• Broadcom Software Blogs: VanHelsing RaaS is a burgeoning ransomware-as-a-service (RaaS) platform that launched on March 7, 2025.
• Cyber Security News: VanHelsingRaaS, a newly launched ransomware-as-a-service (RaaS) program, has quickly gained traction in the cybercrime landscape.
• www.bleepingcomputer.com: New VanHelsing ransomware targets Windows, ARM, ESXi systems
• securityonline.info: VanHelsingRaaS: A New Player in the Ransomware Game
• CyberInsider: New VanHelsing ransomware demands $500,000 ransom payments
• Information Security Buzz: VanHelsingRaaS Strikes: Sinking Its Fangs into Windows, Linux, and More
• securityonline.info: CYFIRMA’s Research and Advisory Team has uncovered a new ransomware strain, “VanHelsingâ€�.
• The Register - Security: VanHelsing ransomware emerges to put a stake through your Windows heart
• www.csoonline.com: New VanHelsing ransomware claims three victims within a month

Classification:

• HashTags: #Ransomware #RaaS #VanHelsing
• Company: VanHelsingRaaS
• Target: Government, Manufacturing
• Attacker: CYFIRMA
• Product: VanHelsing
• Feature: RaaS
• Malware: VanHelsing
• Type: Ransomware
• Severity: Major