On Wednesday, Microsoft’s Digital Crimes Unit (DCU), in coordination with international law enforcement agencies including Europol, the FBI, and German authorities, announced the successful disruption of RedVDS, a cybercrime-as-a-service entity. RedVDS has facilitated over $40 million in reported fraud losses in the United States alone since early 2025, and its users have also stolen from victims in other countries.
The development is quite significant as it is the first time that Microsoft has executed a simultaneous legal disruption in both the United States and the United Kingdom.
RedVDS operated on a subscription model with a low barrier to entry of just $24 per month. With this, cybercriminals could rent disposable virtual computers to launch anonymous attacks. The platform provided unlicensed Windows-based servers, allowing users to bypass geolocation filters and send up to a million phishing emails per day. Attackers had also been using RedVDS to deploy generative AI tools, including voice cloning and deepfakes, to impersonate executives and real estate agents.
Two real-world victims included H2-Pharma and Gatehouse Dock. H2-Pharma is an Alabama-based pharmaceutical company that lost $7.3 million meant for cancer and allergy medications through a Business Email Compromise (BEC) scheme. Meanwhile, Gatehouse Dock is a Florida condo association which was defrauded of $500,000 intended for essential repairs.
More broadly, since September 2025, over 191,000 organizations worldwide have been hurt by RedVDS-enabled attacks, specifically in the real estate, healthcare, and manufacturing sectors. To fight this, Microsoft and law enforcement seized two primary domains used for the RedVDS marketplace and took its customer portal offline.
Microsoft has also filed a civil action in the Southern District of Florida, with victims H2-Pharma and Gatehouse Dock joining as co-plaintiffs. Law enforcement partners specifically assisting Microsoft were Germany’s ZIT and State Criminal Police and Europol’s EC3, as well as the FBI.
The Redmond giant, as part of its announcement, emphasized that reporting fraud is critical to dismantling these networks. Incidents that nobody reports go unpunished, because Microsoft is less likely to hear about the actors behind them. Organizations are urged to use Multi-Factor Authentication (MFA) and verify wire transfer requests via a secondary, known phone number to combat Business Email Compromise schemes.