HOMETHREATSVanHelsing
APT / THREAT GROUP💰 FINANCIAL

VanHelsing

2
aliases
Last seen:Mar 17, 2026

Intelligence Profile

VanHelsing is a multi-platform RaaS operation that launched on March 7, 2025, requiring a $5,000 affiliate deposit and splitting ransoms 80/20, supporting Windows, Linux, BSD, ARM, and ESXi targets, reaching at least five victims across the US, France, Italy, and Australia within its first two months.

Threat Analysis

VanHelsing is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of financial.

Financially motivated threat actors like VanHelsing prioritize monetary gain through methods such as ransomware deployment, banking trojans, cryptocurrency theft, BEC scams, or credential harvesting for resale on underground markets.

External References

Quick Facts

TypeAPT / Threat Group
Motivation💰 financial
Aliases2

Also Known As

VanHelsingwin.vanhelsing

External Intelligence

Malpedia: win.vanhelsing

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.