Microsoft Legal Action Disrupts RedVDS Cybercrime Infrastructure... (2026)

Microsoft on Wednesday announced that it has taken a "coordinated legal action" in the U.S. and the U.K. to disrupt a cybercrime subscription service called RedVDS that has allegedly fueled millions in fraud losses.

The action, per the tech giant, is part of a broader effort in collaboration with law enforcement authorities that has allowed it to confiscate the malicious infrastructure and take the illicit service ("redvds[.]com") offline.

"For as little as US $24 a month, RedVDS provides criminals with access to disposable virtual computers that make fraud cheap, scalable, and difficult to trace," said Steven Masada, assistant general counsel of Microsoft's Digital Crimes Unit. "Since March 2025, RedVDS‑enabled activity has driven roughly US $40 million in reported fraud losses in the United States alone."

Crimeware-as-a-service (CaaS) offerings have increasingly become a lucrative business model, transforming cybercrime from what once was an exclusive domain that required technical expertise into an underground economy where even inexperienced and aspiring threat actors can carry out complex attacks quickly and at scale.

These turnkey services span a wide spectrum of modular tools, ranging from phishing kits to stealers to ransomware, effectively contributing to the professionalization of cybercrime and emerging as a catalyst for sophisticated attacks.

Microsoft said RedVDS was advertised as an online subscription service that provides cheap and disposable virtual computers running unlicensed software, including Windows, enabling criminals to operate anonymously and send high‑volume phishing emails, host scam infrastructure, pull off business email compromise (BEC) schemes, conduct account takeovers, and facilitate financial fraud.

Specifically, it served as a hub for purchasing unlicensed and inexpensive Windows-based Remote Desktop Protocol (RDP) servers with full administrator control and no usage limits through a feature-rich user interface. RedVDS, besides providing servers located in Canada, the U.S., France, the Netherlands, Germany, Singapore, and the U.K., also offered a reseller panel to create sub-users and grant them access to manage the servers without having to share access to the main site.

An FAQ section on the website noted that users can leverage its Telegram bot to manage their servers from within the Telegram app instead of having to log in to the site. Notably, the service did not maintain ac

Source: The Hacker News