Ransomed.vc attacks Flash Motors

Incident Date: Jan 07, 2024

Attack Overview
VICTIM: Flash Motors
INDUSTRY: Manufacturing
LOCATION: Cyprus
ATTACKER: Ransomedvc
FIRST REPORTED: January 7, 2024

Ransomed.vc Claims Ransomware Attack on Flash Motors

Ransomed.vc claimed a ransomware attack on Flash Motors. To add legitimacy to their claims, the group provided proof of the breach. The criminals also urged the company to "use one of the scooters they manufacture to swiftly reach the nearest bank and purchase XMR (Monero), a privacy-focused cryptocurrency." Flash Motors provides high-quality electric scooters, designed for every kind of rider.

The Emergence of Ransomed.vc

Ransomed.vc originally emerged as an underground forum around August 4, 2023. The forum focused on the brokerage of data leaks, network access, vulnerabilities, exploits, OPSEC discussions, and other illicit offerings. The forum was maintained by "Admin" (1st Administrator) and an actor going by the alias "Yuna" (2nd Administrator). Analysts assess that one of the Ransomed.vc admins’ guiding motives for founding the forum was to build a prospering cybercriminal community and attract credible participants specializing in unauthorized access. Ransomed.vc leaders may have also had a plan to vertically integrate forum members, with the aim of operationalizing them later as affiliates or as proprietary initial access brokers (IABs).

Operational Tactics and Extortion Methods

Initially, the forum had a strong focus on sharing compromised data, combo lists with credentials (logs), and personally identifiable information (PII). In the early stages of its development, Ransomed.vc called itself "a leading company in digital peace tax." This description refers to the unique extortion method used by the group against victims based in the European Union (EU). Specifically, Ransomed.vc weaponizes the strict legal and enforcement regime of the EU’s General Data Protection Regulation (GDPR) as a lever to extort victim organizations. If companies fail to pay the group’s ransom demands, Ransomed.vc publishes their stolen information online, which invariably subjects victims to GDPR enforcement and potential fines. The threat actors thus exploit the institutional fear of potential GDPR fines and reputational fallout to intimidate corporate victims into paying their ransoms.

Affiliate Program and Operational Guidelines

Ransomed.vc welcomes new affiliates to join their program with the goal of monetizing compromised access to enterprise networks. The ransomware group instructs affiliates to refrain from attacking any Russian or Ukrainian infrastructure, openly conceding that the majority of their operators may hail from those countries.
