Skip to content
Ransomware group

RansomedVC

RansomedVC is presented in the provided reporting as a purported ransomware/data-leak extortion operation associated with fictitious or unverified breach claims rather than a clearly validated ransomware campaign.

Profile source: Mallory opens in a new tab

RansomedVC

Family profile

RansomedVC is presented in the provided reporting as a purported ransomware/data-leak extortion operation associated with fictitious or unverified breach claims rather than a clearly validated ransomware campaign. The content places it alongside other cybercrime scam or impersonation efforts and cites reporting from Jon DiMaggio of Analyst1 that, in 2023, RansomedVC claimed to have stolen customers’ personally identifiable information from State Farm Insurance and from NTT Docomo, but the purported stolen datasets in those cases were assessed to be entirely fictitious and used in attempted extortion. Separate reporting referenced in the content states that RansomedVC later reappeared after a hiatus and leaked Medusa-related data/chats. High-confidence details in the source do not confirm a functioning ransomware executable, specific infection vector, ransom note, or technical indicators of compromise for RansomedVC. Based on the provided content, the most defensible characterization is that RansomedVC operated as a named extortion or leak-brand making false or unverified data-theft claims, including claims involving customer PII, with no validated breach evidence included here.

Ransomware.live

Operational record

View group record ↗

Reporting

Research mentioning RansomedVC

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.