Sophisticated affiliate program: VanHelsing is a refined ransomware written in C++ and, based on the compilation timestamp observed by Check Point, claimed its first victim on the same day it was spotted by CYFIRMA.

“The ransomware accepts multiple command-line arguments that control the encryption process, such as whether to encrypt network and local drives or specific directories and files,” Check Point added.

Additionally, according to the VanHelsing advertisement screenshot shared in the Check Point blog post, the RaaS offers other affiliate-friendly features, including encryption control, encryption modes, self-propagation, and debugging.

While new affiliates are required to pay a deposit of $5,000 to gain access to the program, experienced ones can join for free. “After two blockchain confirmations of the victim’s ransom payment, the affiliates receive 80% of the revenue, while the remaining 20% is paid to the RaaS operators,” Check Point added.

To keep victims from restoring or recovering files, the RaaS is designed to delete all “Shadow Copies,” which are backup copies of files or volumes created by the Windows Volume Shadow Copy Service (VSS).

According to CYFIRMA, the ransomware has so far targeted government, manufacturing and pharma companies in the US and France. It advises companies to implement robust encryption, authentication, and configuration practices, along with ensuring backups of critical systems and files.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/3853628/new-vanhelsing-ransomware-claims-three-victims-within-a-month.html