VanHelsing is a ransomware-as-a-service (RaaS) operation that emerged on March 7, 2025, quickly gaining attention in the cybercrime world. It uses double extortion tactics, encrypting files while threatening to leak stolen data, with ransom demands reaching up to $500,000 per victim. Operating on an affiliate model, it allows cybercriminals to join with a $5,000 deposit, offering them 80% of the ransom while operators take 20%. Primarily targeting Windows, it also claims compatibility with Linux, BSD, ARM, and VMware ESXi. Within two weeks, it had already infected three organizations, highlighting its rapid spread and the urgent need for strong cybersecurity defenses.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox