RansomedVC

RansomedVC is a data extortion and ransomware-branded cybercrime actor active in 2023 and later reported as reactivated after a period of inactivity. The content describes it as an extortion group that does not have its own encryptor, and as a fabulist operation that has posted fabricated attacks and fictitious stolen data on its leak site to deceive and extort victims. Reported 2023 claims included alleged theft of customers’ personally identifiable information from State Farm Insurance and data from NTT Docomo; reporting cited in the content states these datasets were fictitious. The actor is also referred to as RansomedSupport. Supporting reporting describes operational overlap and gradual alignment with the Stormous ecosystem rather than a simple direct rebrand, including shared infrastructure, repeated Telegram channel rebranding, and reuse of the same TOX identifier across RansomedVC, Stormous, and later GhostLocker-branded activity. Early RansomedVC activity focused on recruitment, announcements, and breach claims; later channel activity advertised a marketplace, sought partnerships with other cybercrime services, and promoted tiered affiliate access models. The content also notes a claimed Sony breach in which Ransomed.vc said it accessed more than 6,000 files and offered the data for sale for $2.5 million, while Sony said it was investigating. In 2025, RansomedVC was reported as reactivated, and another report states the group returned after a two-year absence and leaked internal chat transcripts of the Medusa ransomware group. Known aliases and related branding in the content include Ransomed.vc, RansomedSupport, Ransomed News, Ransomed_vc, Ransomed.vc Channel, and later channel rebrands associated with Stormous.X Store and Stm.X | GhostLocker.