RansomedVC

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operations such as Mogilevich and ExposedForum. In September, RansomedVC published data from nine victims on its leak site, including high-profile targets like Sony. The group was listed among the top three contributors to cyber attacks that month, alongside LostTrust and LockBit, according to a report by Malwarebytes. The operation behind RansomedVC is characterized by false claims and faux-extortion strategies. Notably, the group has claimed numerous victims, including State Farm Insurance, NTT Docomo, and Sony, often substantiating these claims with doctored or purchased data. For instance, in a case involving State Farm Insurance, RansomedVC falsely claimed to have stolen customers' personal identifiable information, leading to inaccurate media reports. These tactics have led to the group being permanently banned from certain forums for "scamming." The administrator behind RansomedVC, known as "Impotent" and now using the handle "RaznatovicAdmin," is believed to be a 40-something Bulgarian with ties to the Russian-speaking Ragnar Locker group, which was dismantled last October. Following the ban, the administrator rebooted RansomedVC under the name "Raznatovic," maintaining the same infrastructure. The group's unpredictable and deceitful practices make it a particularly challenging adversary in the cybersecurity landscape, as organizations cannot reliably predict or trust their actions.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Dark Angels
2
Dark Angels is a recognized threat actor, or hacking team, known for its malicious activities in the cybersecurity landscape. This group is primarily involved in executing ransomware attacks, where they encrypt a victim's data and demand payment for its release. However, their modus operandi also in
Raznatovic
2
None
Exposedforum
1
None
Ransomedsupport
1
None
Raznatovicadmin
1
None
Mogilevich
1
Mogilevich, a self-proclaimed "group dedicated to data extortion," emerged on February 20th and made claims of high-profile cyber attacks. Their alleged victims included Infiniti, Epic Games, DJI, and Shein. The group gained notoriety for their audacious claims of successful ransomware attacks, incl
Impotent
1
Impotent, a threat actor co-founded by individuals known as "Impotent" and "Purism," has been involved in various cybersecurity incidents that have raised concerns within the industry. On May 29, 2023, Impotent, who also served as the forum administrator for Exposed, leaked a database containing inf
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Sony
Ransom
Extortion
Cybercrime
Telegram
Vpn
RaaS
Malware
Dragos
Scam
Cyberscoop
Malwarebytes
Breachforums
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
LockbitUnspecified
2
LockBit is a type of malware, specifically ransomware, that infiltrates systems to steal data or disrupt operations, often demanding ransom in return for the release of the compromised data. Notable incidents include the LockBit ransomware gang claiming to have stolen and subsequently leaking data f
ClopUnspecified
2
Clop is a notorious malware, short for malicious software, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, Clop can steal personal information, disrupt operations, or h
CactusUnspecified
1
Cactus is a type of malware, specifically ransomware, that has been implicated in several high-profile cyber-attacks. This malicious software infiltrates systems through deceptive methods such as suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside a system, Cactus c
RagnarlockerUnspecified
1
RagnarLocker is a type of malware, specifically ransomware, which first emerged in 2021. It is designed to infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can steal personal information, disrupt operations, or hold data hostag
Ragnar LockerUnspecified
1
Ragnar Locker is a type of malware, specifically ransomware, which has been used in numerous cyber attacks globally. This malicious software infiltrates systems through suspicious downloads, emails, or websites and once inside, it can steal personal information, disrupt operations, or hold data host
TrigonaUnspecified
1
Trigona, a notable ransomware strain first identified in 2022, is a type of malicious software designed to infiltrate systems and hold data hostage for ransom. Its operations gained significant attention in 2023, as it emerged as a prominent threat in the cybersecurity landscape. Trigona had a uniqu
SnatchUnspecified
1
Snatch is a type of malware, specifically ransomware, known for its malicious activities. Ransomware is a harmful program designed to exploit and damage computer systems or devices. It infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
AlphvUnspecified
1
AlphV, a notorious threat actor in the cybersecurity industry, has been responsible for numerous high-profile ransomware attacks. The group's activities include the theft of 5TB of data from Morrison Community Hospital and hacking Clarion, a global manufacturer of audio and video equipment for cars.
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the RansomedVC Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
4 months ago
GRIT Ransomware Report: February 2024 | #ransomware | #cybercrime | National Cyber Security Consulting
BankInfoSecurity
5 months ago
More Ransomware Victims Are Declining to Pay Extortionists
BankInfoSecurity
5 months ago
Weaponized Lying: Unraveling RansomedVC's Business Strategy
CERT-EU
7 months ago
Ransomware Gang Leaks 1.67 Terabytes Of Files After Hacking Spider-Man 2 Dev Insomniac Games | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
CERT-EU
7 months ago
Hackers Demand $2 Million in Bitcoin After Stealing Insomniac Games Data: Report | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker | National Cyber Security Consulting
BankInfoSecurity
9 months ago
Breach Roundup: Google Phases Out Passwords for Passkeys
BankInfoSecurity
9 months ago
Breach Roundup: Google Phases out Passwords
Malwarebytes
9 months ago
Ransomware review: October 2023
CERT-EU
9 months ago
Sony Fall Victim To CLop
Malwarebytes
10 months ago
Ransomware group claims it's "compromised all of Sony systems"
Malwarebytes
9 months ago
Sony attacked by two ransomware operators
CERT-EU
9 months ago
Economic losses from major payment system cyberattack pegged at $3.5T
CERT-EU
9 months ago
Ransomware attack claims against Colonial Pipeline linked to third-party breach
Malwarebytes
10 months ago
Ransomware review: September 2023
CERT-EU
9 months ago
DC Board of Elections Discloses Data Breach
CERT-EU
9 months ago
Sony Interactive Entertainment Employees Suffer Data Breach From Unauthorised Parties
CERT-EU
9 months ago
Sony Confirms Data Stolen in Two Recent Hacker Attacks
CERT-EU
9 months ago
The next big API security breach looms: here’s how to prepare
Securityaffairs
9 months ago
Sony sent data breach notifications to about 6,800 individuals
CERT-EU
9 months ago
DC Board of Elections Discloses Data Breach