RansomedVC

Threat Actor updated 4 months ago (2024-05-04T20:51:17.204Z)

Download STIX

Preview STIX

RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operations such as Mogilevich and ExposedForum. In September, RansomedVC published data from nine victims on its leak site, including high-profile targets like Sony. The group was listed among the top three contributors to cyber attacks that month, alongside LostTrust and LockBit, according to a report by Malwarebytes. The operation behind RansomedVC is characterized by false claims and faux-extortion strategies. Notably, the group has claimed numerous victims, including State Farm Insurance, NTT Docomo, and Sony, often substantiating these claims with doctored or purchased data. For instance, in a case involving State Farm Insurance, RansomedVC falsely claimed to have stolen customers' personal identifiable information, leading to inaccurate media reports. These tactics have led to the group being permanently banned from certain forums for "scamming." The administrator behind RansomedVC, known as "Impotent" and now using the handle "RaznatovicAdmin," is believed to be a 40-something Bulgarian with ties to the Russian-speaking Ragnar Locker group, which was dismantled last October. Following the ban, the administrator rebooted RansomedVC under the name "Raznatovic," maintaining the same infrastructure. The group's unpredictable and deceitful practices make it a particularly challenging adversary in the cybersecurity landscape, as organizations cannot reliably predict or trust their actions.

Description last updated: 2024-03-15T13:19:07.085Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Dark Angels	2	Dark Angels, a Russia-based cybercrime syndicate, emerged as a significant threat actor in the cybersecurity landscape since its first appearance in May 2022. Known for stealing substantial amounts of data from major companies across diverse sectors such as healthcare, finance, government, and educa
Raznatovic	2	None

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Sony

Extortion

Ransom

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
Lockbit	Unspecified	2	LockBit is a malicious software, or malware, that has been notably active and damaging in the cyber world. Known for its ability to infiltrate systems often without detection, it can steal personal information, disrupt operations, and even hold data hostage for ransom. In the first half of 2024, Loc
Clop	Unspecified	2	Clop, also known as Cl0p, is a notorious ransomware group responsible for several high-profile cyberattacks. The group specializes in exploiting vulnerabilities in software and systems to gain unauthorized access, exfiltrate sensitive data, and then extort victims by threatening to release the stole

Source Document References

Information about the RansomedVC Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	6 months ago	GRIT Ransomware Report: February 2024 \| #ransomware \| #cybercrime \| National Cyber Security Consulting
BankInfoSecurity	7 months ago	More Ransomware Victims Are Declining to Pay Extortionists
BankInfoSecurity	7 months ago	Weaponized Lying: Unraveling RansomedVC's Business Strategy
CERT-EU	9 months ago	Ransomware Gang Leaks 1.67 Terabytes Of Files After Hacking Spider-Man 2 Dev Insomniac Games \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
CERT-EU	9 months ago	Hackers Demand $2 Million in Bitcoin After Stealing Insomniac Games Data: Report \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #hacker \| National Cyber Security Consulting
BankInfoSecurity	a year ago	Breach Roundup: Google Phases Out Passwords for Passkeys
BankInfoSecurity	a year ago	Breach Roundup: Google Phases out Passwords
Malwarebytes	a year ago	Ransomware review: October 2023
CERT-EU	a year ago	Sony Fall Victim To CLop
Malwarebytes	a year ago	Ransomware group claims it's "compromised all of Sony systems"
Malwarebytes	a year ago	Sony attacked by two ransomware operators
CERT-EU	a year ago	Economic losses from major payment system cyberattack pegged at $3.5T
CERT-EU	a year ago	Ransomware attack claims against Colonial Pipeline linked to third-party breach
Malwarebytes	a year ago	Ransomware review: September 2023
CERT-EU	a year ago	DC Board of Elections Discloses Data Breach
CERT-EU	a year ago	Sony Interactive Entertainment Employees Suffer Data Breach From Unauthorised Parties
CERT-EU	a year ago	Sony Confirms Data Stolen in Two Recent Hacker Attacks
CERT-EU	a year ago	The next big API security breach looms: here’s how to prepare
Securityaffairs	a year ago	Sony sent data breach notifications to about 6,800 individuals
CERT-EU	a year ago	DC Board of Elections Discloses Data Breach