BleepingComputer reports that the newly emergent VanHelsing ransomware-as-a-service operation has released its affiliate panel, data leak site, and Windows encryptor source codes after "th30c0der", one of its old developers, attempted to peddle such data for $10,000.
Despite leaking the data with the promise of emerging with an improved iteration soon, VanHelsing has not included the Linux builder and databases claimed to have been part of the trove being sold by th30c0der. While the exposed Windows encryptor source code showed VanHelsing's attempt to create an MBR locker using a custom bootloader to replace the master boot record, such a leak had a jumbled builder source code that would pose a challenge for those looking to use it. Such ransomware builder and encryptor source code exposure comes after similar activity impacting the Babuk, Conti, and LockBit ransomware operations, which has enabled other threat actors to adopt their respective attack toolkits.
Despite leaking the data with the promise of emerging with an improved iteration soon, VanHelsing has not included the Linux builder and databases claimed to have been part of the trove being sold by th30c0der. While the exposed Windows encryptor source code showed VanHelsing's attempt to create an MBR locker using a custom bootloader to replace the master boot record, such a leak had a jumbled builder source code that would pose a challenge for those looking to use it. Such ransomware builder and encryptor source code exposure comes after similar activity impacting the Babuk, Conti, and LockBit ransomware operations, which has enabled other threat actors to adopt their respective attack toolkits.
