Disposable Cybercrime Servers Fueled by a Sole Windows Image Drive RedVDS Enterprise



RedVDS: The Ascent and Decline of a Cybercrime Network

Brief Overview

  • RedVDS employed a single Windows Server 2022 image to generate temporary cybercrime servers.
  • Operations began in 2019 and affected countries around the world, including Australia.
  • Virtual servers rented for US$24 ($35.82) each month, facilitating phishing and BEC fraud.
  • Microsoft, Europol, and German law enforcement have taken action against RedVDS.
  • In the US, losses totaled US$40 million since March 2025.

RedVDS and Its Worldwide Repercussions

Since 2019, RedVDS has been a well-known name in the cybercrime world. Using a single Windows Server 2022 base image, the operation created numerous virtual dedicated servers (VDS) and leased them to cybercriminals for a nominal fee of US$24 ($35.82) per month. The servers came with full administrative access and no usage restrictions, letting customers operate almost freely.



Targeting Australia and Beyond

RedVDS's activities had a considerable effect on global cybersecurity, with Australians and Canadians especially affected by scams that diverted real estate payments. The servers were also used for extensive phishing operations that sent millions of messages each day, and for business email compromise (BEC) schemes across a range of industries worldwide.

Law Enforcement Responds

Microsoft, working with Europol and German authorities, has seized the domains linked to RedVDS, hindering access to the marketplace and user portal. The action is part of a wider offensive against cybercrime, which also included the dismantling of the Raccoon0365 phishing scheme last September.

Conclusion

RedVDS used a single Windows Server 2022 image to offer affordable virtual servers to cybercriminals, affecting thousands across the globe, including Australians. The intervention by Microsoft and its law enforcement partners has been crucial in dismantling this cybercrime network.

Q: What was the primary method utilized by RedVDS to enable cybercrime?

A: RedVDS used a single Windows Server 2022 image to create multiple virtual dedicated servers, which were leased to threat actors.

Q: What was the rental fee for a server from RedVDS?

A: The fee was US$24 per month, roughly $35.82 AUD.

Q: Which countries experienced the most impact from RedVDS’s activities?

A: Australia and Canada were particularly affected by scams enabled by RedVDS.

Q: What measures have been implemented against RedVDS?

A: Microsoft, together with Europol and German police, seized RedVDS’s associated domains, hindering their operations.

Q: Who were the clients of RedVDS?

A: Notably, the Raccoon0365 phishing operation was among RedVDS’s clients.

Q: Is there any information regarding the individuals behind RedVDS?

A: Currently, the individuals behind RedVDS remain unknown, although they reportedly functioned through a fictitious organization based in the Bahamas.

Q: Which sectors were targeted by scams facilitated by RedVDS?

A: The scams targeted numerous sectors globally, including real estate and various businesses through BEC fraud schemes.

Posted by David Leane

David Leane is a Sydney-based Editor and audio engineer.
