Here is the rewritten content:
Cybersecurity Experts Discover New Ransomware Project VanHelsing
Introduction
Cybersecurity experts have discovered a new ransomware project called VanHelsing, which is designed to target Windows, Linux, BSD, ARM, and ESXi systems. The project was first detected by researchers at CYFIRMA on March 16, 2023, and it is believed to be operated by individuals from Russia.
How VanHelsing Works
After execution, VanHelsing appends the extension ".vanhelsing" to encrypted files, changes the desktop background, and leaves a ransom note called "README.TXT" on the victim’s system. One of the victims was reportedly asked to pay 500,000 dollars in Bitcoin to a specific wallet.
Platform-Agnostic Ransomware Project
According to CYFIRMA, VanHelsing is a platform-agnostic ransomware project that primarily targets Windows users. "The ransomware uses advanced encryption techniques and appends a unique file extension to compromised files," states the research report.
However, a few days later, Check Point discovered that the Darknet offers platform-agnostic VanHelsing programs, including versions for Linux, BSD, ARM, and ESXi systems. "The RaaS program offers an intuitive control panel for simplified ransomware operations," says Check Point.
Outstanding Features
VanHelsing is a sophisticated, C++-written ransomware that, based on the observed compilation timestamp, demanded its first victim on the same day it was discovered by CYFIRMA. The ransomware accepts multiple command-line options to control the encryption process, such as encrypting network and local drives, or specific directories and files.
The RaaS also offers affiliate-friendly features like encryption control, encryption modes, self-distribution, and debugging, as seen in the VanHelsing promotional screenshot published in the Check Point blog post.
Fees and Payout Structure
New investors are required to pay a $5,000 upfront fee to access the program, while experienced affiliates can join for free. "After two blockchain confirmations of the ransom payment by the victim, partners receive 80% of the earnings, while the remaining 20% goes to the RaaS operators," explains Check Point.
How to Prevent Attacks
To prevent attacks, experts recommend implementing robust encryption, authentication, and configuration practices, as well as creating backups of critical systems and files.
Conclusion
The discovery of VanHelsing highlights the growing threat of ransomware attacks, which can target various platforms and systems. As the RaaS continues to evolve, it is essential for organizations to stay vigilant and implement robust security measures to protect against these types of attacks.
FAQs
Q: What is VanHelsing?
A: VanHelsing is a new ransomware project that targets Windows, Linux, BSD, ARM, and ESXi systems.
Q: Who is behind VanHelsing?
A: The project is believed to be operated by individuals from Russia.
Q: How does VanHelsing work?
A: After execution, VanHelsing appends the extension ".vanhelsing" to encrypted files, changes the desktop background, and leaves a ransom note called "README.TXT" on the victim’s system.
Q: What are the fees associated with VanHelsing?
A: New investors are required to pay a $5,000 upfront fee, while experienced affiliates can join for free.
Q: What is the payout structure for VanHelsing?
A: Partners receive 80% of the earnings after two blockchain confirmations of the ransom payment by the victim.
