RansomedVC

Threat Actor updated 7 months ago (2024-05-04T20:51:17.204Z)

Download STIX

Preview STIX

RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operations such as Mogilevich and ExposedForum. In September, RansomedVC published data from nine victims on its leak site, including high-profile targets like Sony. The group was listed among the top three contributors to cyber attacks that month, alongside LostTrust and LockBit, according to a report by Malwarebytes. The operation behind RansomedVC is characterized by false claims and faux-extortion strategies. Notably, the group has claimed numerous victims, including State Farm Insurance, NTT Docomo, and Sony, often substantiating these claims with doctored or purchased data. For instance, in a case involving State Farm Insurance, RansomedVC falsely claimed to have stolen customers' personal identifiable information, leading to inaccurate media reports. These tactics have led to the group being permanently banned from certain forums for "scamming." The administrator behind RansomedVC, known as "Impotent" and now using the handle "RaznatovicAdmin," is believed to be a 40-something Bulgarian with ties to the Russian-speaking Ragnar Locker group, which was dismantled last October. Following the ban, the administrator rebooted RansomedVC under the name "Raznatovic," maintaining the same infrastructure. The group's unpredictable and deceitful practices make it a particularly challenging adversary in the cybersecurity landscape, as organizations cannot reliably predict or trust their actions.

Description last updated: 2024-03-15T13:19:07.085Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Dark Angels is a possible alias for RansomedVC. Dark Angels, a threat actor group with malicious intent, has emerged as a significant cybersecurity concern since its first appearance in May 2022. Known for their ransomware attacks, the group has been involved in several high-profile cybercrimes, targeting large corporations and stealing vast amou	2
Raznatovic is a possible alias for RansomedVC.	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Sony

Extortion

Ransom

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The Lockbit Malware is associated with RansomedVC. LockBit is a malicious software, or malware, known for its damaging and exploitative functions. It infiltrates systems via dubious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The LockBit	Unspecified	2
The Clop Malware is associated with RansomedVC. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitin	Unspecified	2

Source Document References

Information about the RansomedVC Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	8 months ago	GRIT Ransomware Report: February 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting
BankInfoSecurity	10 months ago	More Ransomware Victims Are Declining to Pay Extortionists
BankInfoSecurity	10 months ago	Weaponized Lying: Unraveling RansomedVC's Business Strategy
CERT-EU	a year ago	Ransomware Gang Leaks 1.67 Terabytes Of Files After Hacking Spider-Man 2 Dev Insomniac Games \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	a year ago	Hackers Demand $2 Million in Bitcoin After Stealing Insomniac Games Data: Report \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
BankInfoSecurity	a year ago	Breach Roundup: Google Phases Out Passwords for Passkeys
BankInfoSecurity	a year ago	Breach Roundup: Google Phases out Passwords
Malwarebytes	a year ago	Ransomware review: October 2023
CERT-EU	a year ago	Sony Fall Victim To CLop
Malwarebytes	a year ago	Ransomware group claims it's "compromised all of Sony systems"
Malwarebytes	a year ago	Sony attacked by two ransomware operators
CERT-EU	a year ago	Economic losses from major payment system cyberattack pegged at $3.5T
CERT-EU	a year ago	Ransomware attack claims against Colonial Pipeline linked to third-party breach
Malwarebytes	a year ago	Ransomware review: September 2023
CERT-EU	a year ago	DC Board of Elections Discloses Data Breach
CERT-EU	a year ago	Sony Interactive Entertainment Employees Suffer Data Breach From Unauthorised Parties
CERT-EU	a year ago	Sony Confirms Data Stolen in Two Recent Hacker Attacks
CERT-EU	a year ago	The next big API security breach looms: here’s how to prepare
Securityaffairs	a year ago	Sony sent data breach notifications to about 6,800 individuals
CERT-EU	a year ago	DC Board of Elections Discloses Data Breach