Overview
- Microsoft worked with Europol and German authorities to seize RedVDS domains and servers, removing the marketplace from operation.
- The company filed civil actions in the U.S. and U.K., with H2 Pharma and the Gatehouse Dock Condominium Association joining as co-plaintiffs after losses of about $7.3 million and nearly $500,000, respectively.
- Microsoft attributes at least $40 million in U.S. fraud losses to RedVDS since March 2025, tied to mass phishing, payment diversion and business email compromise.
- Since September 2025, RedVDS-enabled campaigns compromised or fraudulently accessed more than 191,000 Microsoft email accounts across over 130,000 organizations worldwide.
- RedVDS rented $24-per-month disposable virtual machines running unlicensed Windows across multiple countries; Microsoft tracks the operators as Storm-2470 and is continuing attribution efforts with international partners.