
BleepingComputer reports that the novel Russia-based VanHelsing ransomware-as-a-service operation has attacked Windows, Linux, ARM, BSD, and ESXi systems, and has already compromised a Texas city and tech firms in the U.S. and France since its emergence earlier this month.
Organizations in Commonwealth of Independent States countries have been spared from VanHelsing's intrusions, which involve the deployment of a C++-based ransomware that uses the ChaCha20 algorithm to fully encrypt files below the 1 GB threshold and partially encrypt files above it, according to an analysis from Check Point Research. VanHelsing also features a pair of encryption modes: normal mode performs file and folder enumeration, file content encryption, and file renaming, while stealth mode separates the encryption and file renaming processes, said researchers, who noted that the ransomware's code is littered with exclusion list logic and file extension errors that signify its lack of maturity. Meanwhile, VanHelsing affiliates were found to have been given 80% of ransomware payments, which could reach up to $500,000.