RansomedVC

Threat Actor updated a month ago (2024-11-29T14:49:09.725Z)
Download STIX
Preview STIX
RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operations such as Mogilevich and ExposedForum. In September, RansomedVC published data from nine victims on its leak site, including high-profile targets like Sony. The group was listed among the top three contributors to cyber attacks that month, alongside LostTrust and LockBit, according to a report by Malwarebytes. The operation behind RansomedVC is characterized by false claims and faux-extortion strategies. Notably, the group has claimed numerous victims, including State Farm Insurance, NTT Docomo, and Sony, often substantiating these claims with doctored or purchased data. For instance, in a case involving State Farm Insurance, RansomedVC falsely claimed to have stolen customers' personal identifiable information, leading to inaccurate media reports. These tactics have led to the group being permanently banned from certain forums for "scamming." The administrator behind RansomedVC, known as "Impotent" and now using the handle "RaznatovicAdmin," is believed to be a 40-something Bulgarian with ties to the Russian-speaking Ragnar Locker group, which was dismantled last October. Following the ban, the administrator rebooted RansomedVC under the name "Raznatovic," maintaining the same infrastructure. The group's unpredictable and deceitful practices make it a particularly challenging adversary in the cybersecurity landscape, as organizations cannot reliably predict or trust their actions.
Description last updated: 2024-03-15T13:19:07.085Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Dark Angels is a possible alias for RansomedVC. Dark Angels, a threat actor group with malicious intent, has emerged as a significant cybersecurity concern since its first appearance in May 2022. Known for their ransomware attacks, the group has been involved in several high-profile cybercrimes, targeting large corporations and stealing vast amou
2
Raznatovic is a possible alias for RansomedVC.
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Sony
Extortion
Ransom
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Lockbit Malware is associated with RansomedVC. LockBit is a prominent ransomware-as-a-service (RaaS) malware that has been involved in numerous cyberattacks, demonstrating its staying power and adaptability. The malware, which can infiltrate systems through suspicious downloads, emails, or websites, is designed to exploit and damage computers orUnspecified
2
The Clop Malware is associated with RansomedVC. Clop, a malicious software (malware), is linked to a Russian-speaking cybercriminal group also known as Cl0p. It is designed to exploit and damage computer systems by stealing personal information, disrupting operations, or holding data hostage for ransom. In May 2023, the Clop group began exploitinUnspecified
2
Source Document References
Information about the RansomedVC Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
CERT-EU
9 months ago
BankInfoSecurity
a year ago
BankInfoSecurity
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
BankInfoSecurity
a year ago
BankInfoSecurity
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
Malwarebytes
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Malwarebytes
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
Securityaffairs
a year ago
CERT-EU
a year ago