Menu
Browse

Cyber Threat Actor: RansomedVC

Actor Type Location Known Incidents
 Icon
Criminal
0 incidents
Profile

RansomedVC operates as a cybercriminal entity specializing in ransomware operations and data extortion schemes. The group leverages its namesake alias consistently across underground forums and victim communications, with no widely corroborated alternative monikers observed in public reporting. Their activities focus on extracting financial gains through coercive tactics rather than ideological or state-aligned objectives.

This actor predominantly targets corporate entities across technology, healthcare, and education sectors, with a notable concentration of victims in Europe and North America. Operations typically involve breaching networks to steal sensitive data before deploying ransomware, followed by threats to auction or publicly release exfiltrated information unless payments are made. RansomedVC has employed ransomware variants aligned with LockBit and BlackCat codebases in multiple incidents, though they do not appear to maintain exclusive malware tooling. Initial access frequently exploits unpatched vulnerabilities in public-facing applications or compromised credentials obtained through infostealer logs. The group actively advertises stolen data on clearnet and dark web platforms to pressure victims, demonstrating a consistent double-extortion methodology. Publicly documented operations include a 2023 breach of Sony Group, where the actor claimed to have exfiltrated 6,000 files, and attacks against European healthcare providers that disrupted patient services during extortion negotiations. No verifiable ties to nation-state sponsors or formal criminal alliances have been established in open-source intelligence.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
0 sources