The VanHelsing ransomware-as-a-service operation has leaked its source code, including the Windows encryptor and affiliate panel, after an attempted sale by an alleged hacker. This leak could enable cybercriminals to customize and deploy new variants, impacting multiple systems such as Windows, Linux, BSD, ARM, and ESXi. #VanHelsing #Ransomware #Cybersecurity #SourceCodeLeak
Keypoints
- The VanHelsing RaaS launched in March 2025 and targets various operating systems including Windows and Linux.
- An individual attempted to sell the source code for VanHelsingβs tools on a cybercrime forum for $10,000.
- The ransomware operators preemptively released the source code, claiming the seller was an old developer attempting to scam others.
- The leaked code includes the Windows encryptor, affiliate panel, and parts of the data leak infrastructure, but lacks the Linux builder and databases.
- Leaks of ransomware source code, like VanHelsing, historically enable other malicious actors to develop new variants and conduct attacks more easily.