# VanHelsing Ransomware Builder Leaked on Hacking Forum
In a shocking turn of events, the source code for the VanHelsing ransomware builder has been leaked on a hacking forum. The operation, launched in March 2025, offers a range of targets, including Windows, Linux, BSD, ARM, and ESXi systems.
The leak comes after an old developer tried to sell the source code for $10,000 on the RAMP cybercrime forum. However, the VanHelsing operators quickly outsmarted the seller by releasing the source code themselves, claiming that the leaker was one of their old developers trying to scam people.
The leaked data is incomplete compared to what the original seller claimed, missing crucial information such as the Linux builder and databases. Nonetheless, BleepingComputer has confirmed that the leaked source code includes the legitimate builder for the Windows encryptor and the source code for the affiliate panel and data leak site.
The VanHelsing builder's source code is somewhat disorganized, with Visual Studio project files found in the "Release" folder. While complete, using the VanHelsing builder will require some work, as it connects back to the affiliate panel to receive data used for the build process. However, the leak also includes the source code for the Windows encryptor, which can be used to create a standalone build, decryptor, and loader.
Interestingly, the leaked source code revealed that the threat actors were attempting to build an MBR locker that would replace the master boot record with a custom bootloader displaying a lock message. This is not the first time a ransomware builder or encryptor source code has been leaked online, allowing new ransomware groups or individual threat actors to quickly conduct attacks.
The leak of VanHelsing's source code follows in the footsteps of previous leaks, such as the Babuk ransomware builder and Conti ransomware operation. These leaks have become crucial resources for threat actors, enabling them to create their own attackers and conduct devastating attacks on vulnerable systems.
# Key Findings:
* The VanHelsing ransomware builder's source code has been leaked on a hacking forum. * The leak comes after an old developer tried to sell the source code for $10,000. * The leaked data is incomplete compared to what the original seller claimed. * The VanHelsing builder's source code includes legitimate Windows encryptor and affiliate panel code.
# Implications:
* The leak of VanHelsing's source code poses a significant threat to individuals and organizations who use Windows systems. * Threat actors can now use this source code to create their own ransomware attacks, potentially causing widespread disruption and data loss. * The leak highlights the importance of cybersecurity awareness and the need for regular software updates and patches.
Stay vigilant and take proactive measures to protect your systems from these emerging threats.