The cybercriminals behind ransomware gang RansomedVC are apparently selling and are inviting interested buyers to bid for its malware builder and other infrastructure. Those running the gang, famous for its hack on Sony earlier this year, say they want to get out of the cybercrime business after coming under scrutiny from police.
Writing on its dark web blog and Telegram channel, the group’s admin said they were putting the technology up for sale for “personal reasons”.
RansomedVC put up for sale
An asking price has not been disclosed, but according to the Telegram post, anyone who coughs up the cash will allegedly receive a ransomware builder, VPN access to multiple companies with combined revenue of $3bn, and databases worth over $10m each. Also included are various domains, social media accounts and Telegram channels, as well as access to affiliate groups.
A post on the group’s dark web blog said to be from an admin reads: “I do not want to continue running the project due to personal reasons, none will be disclosed to journalist, dont [sic] even ask.
“We are selling everything. I do not want to continue being monitored by federal agencies and I would wish to sell the project to someone who will want to continue it.”
Ransomware gangs are known for rebranding or laying low for a time when they come under scrutiny from police, so it is possible that the hackers behind RansomedVC are preparing to re-emerge under a new identity, possibly with new malware.
Sony among RansomedVC’s victims?
Ransomedvc was initially spotted by cybersecurity researchers in August. On its blog, the gang claims to be the “leading company in digital peace tax”, because it has tried to use Europe’s GDPR data laws to its advantage.
It has been reported that the gang will contact victims encouraging them to pay up for their data, or face being reported to the authorities for a GDPR breach. Fines for businesses that are found to be in contravention of GDPR can be sizeable.
Among the group’s known victims is Sony, which was apparently infiltrated in September. RansomedVC posted information, including a PowerPoint presentation from Sony’s quality assurance division, internal screenshots displaying what could be a Sony workstation, and some Java files. But it later complained the company was refusing to pay the ransom and threatened to release data on 28 September, though evidence of such a data dump has not been forthcoming. Sony did not comment on the breach.
Earlier this month it claimed to have breached Colonial Pipeline, the US company that was the victim of a massive cyberattack in 2021. However, the business denied an attack had taken place.