VanHelsing Ransomware Infects Five Victims Across US, Europe, Australia

Ransomware threats continue to evolve with increasingly sophisticated and aggressive ransomware-as-a-service (RaaS) operations impacting a wide range of targets globally. VanHelsing, emerging in early 2025, exemplifies this trend with its cross-platform capabilities affecting Windows, Linux, BSD, ARM, and VMware ESXi systems, employing robust encryption and a double extortion model by leaking stolen data if ransom demands go unmet. Meanwhile, DragonForce, active since 2023, has expanded its operations by rebranding as a cartel that allows affiliates to deploy various ransomware brands, contributing to high-profile attacks on UK retailers while explicitly avoiding targets in Russia and former Soviet states. These developments underscore the growing complexity and scale of ransomware attacks, which exploit legitimate IT tools and lower barriers to entry through RaaS models, making attacks more frequent and devastating. Experts emphasize that organizations must prioritize strong business continuity and disaster recovery (BCDR) strategies, like the enhanced 3-2-1-1-0 backup rule, to ensure rapid recovery and resilience against ransomware's crippling impacts. Security firms like AttackIQ are responding by creating tools such as attack graphs based on observed ransomware tactics to help organizations validate and strengthen their defenses against these emerging threats.