March 24, 2025 By Bill Toulas
A new multi-platform ransomware-as-a-service (RaaS) operation named VanHelsing has emerged, targeting Windows, Linux, BSD, ARM, and ESXi systems.
VanHelsing was first promoted on underground cybercrime platforms on March 7, offering experienced affiliates a free pass to join while mandating a deposit of $5,000 from less experienced threat actors.
The new ransomware operation was first documented by CYFIRMA late last week, while Check Point Research performed a more in-depth analysis published yesterday.
Inside VanHelsing
Check Point’s analysts report that VanHelsing is a Russian cybercrime project that forbids targeting systems in systems in CIS (Commonwealth of Independent States) countries.
Affiliates are allowed to keep 80% of the ransom payments while the operators take a 20% cut. The payments are handled via an automated escrow system that employs two blockchain confirmations for security.