Cyberattacks are becoming more numerous and sophisticated. A dangerous new virus is currently circulating, targeting both businesses and individuals. Three victims have already been identified, including one in France.
Ransomware no longer targets only large companies. Recent attacks have affected individuals via data stolen from Chrome, or entire companies because of a simple, outdated camera. This type of malware encrypts files, renders them unusable, and then demands a ransom. It is in this context that a new one, called VanHelsing, has just appeared. It works on several platforms and uses stealth techniques to evade antivirus software.
VanHelsing was first spotted in mid-March. It is a service used by several cybercriminal groups, who pay to access the tool. This model, called Ransomware-as-a-Service (RaaS), allows for wide distribution. It can be installed on Windows PCs (Windows 10 and Windows 11), Linux systems, ESXi servers (often used in businesses), and even on certain devices equipped with ARM chips, such as NAS devices or connected objects. Three victims are already known, all of them companies: one French and two American.
VanHelsing ransomware encrypts files without detection and demands €460,000
Once installed, VanHelsing encrypts files, making them unreadable. Hackers then demand a ransom or publish the stolen data. The amount demanded is high: $500,000, or approximately 460,000 euros.
To avoid detection, the ransomware works in two stages: it first encrypts the files without renaming them, which reduces the chances of triggering an alert. In the second phase, the files are renamed with the extension “.vanhelsing”. By this time, it is already too late to recover them without paying.
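Because the first stage leaves file names untouched, a check that only watches for the ".vanhelsing" extension fires too late. The sketch below is an added example, not code from Check Point Research or from the article: it flags files that keep a familiar extension but no longer start with that format's header and whose content looks random. The header table, the 7.5 bits-per-byte threshold and the premise that encryption overwrites the file header are assumptions.

```python
import math
import os
from collections import Counter

# Leading bytes that well-formed files of these types start with.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune per environment
SAMPLE_SIZE = 65536       # only the first 64 KiB of each file is read
MIN_SAMPLE = 1024         # shorter samples cannot reach the threshold reliably


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def classify(path: str) -> str:
    """Return 'renamed', 'encrypted-in-place' or 'ok' for one file."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".vanhelsing":
        return "renamed"            # second stage: extension already changed
    magic = MAGIC.get(ext)
    if magic is None:
        return "ok"                 # no known header to compare against
    with open(path, "rb") as fh:
        sample = fh.read(SAMPLE_SIZE)
    if sample.startswith(magic) or len(sample) < MIN_SAMPLE:
        return "ok"                 # compressed but valid files pass here
    # Assumption: original name kept, header gone, content random = first stage.
    return "encrypted-in-place" if shannon_entropy(sample) > ENTROPY_THRESHOLD else "ok"


def scan(root: str) -> dict:
    """Walk root and return {path: verdict} for every file that is not 'ok'."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            verdict = classify(path)
            if verdict != "ok":
                findings[path] = verdict
    return findings
```

Run on a schedule against file shares, an "encrypted-in-place" verdict on files that were previously clean is a signal to isolate the host before the rename stage.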
The cybercriminals behind VanHelsing host the stolen data themselves and offer an automated dashboard to those who use their tool. This allows inexperienced groups to launch complex attacks. Businesses are particularly targeted, but poorly protected individuals can also be tricked, for example by clicking on a booby-trapped link or using a password that is too simple. Vigilance remains the best protection.
Source: Check Point Research