A $40M cybercrime marketplace falls as disposable virtual machines used for AI scams are taken offline.
Key Takeaways:
Microsoft has teamed up with international law enforcement to dismantle RedVDS, a cybercrime platform tied to more than $40 million in reported U.S. losses. The takedown exposes how this global crime-as-a-service marketplace enabled criminals to rent cheap, disposable virtual machines for AI-driven scams and large-scale fraud.
Microsoft worked with U.S. and U.K. courts, German authorities, and Europol to seize RedVDS infrastructure and take its marketplace offline. RedVDS was a global cybercrime‑as‑a‑service marketplace that offered criminals low‑cost, disposable virtual computers designed to make fraud cheap, scalable, and extremely difficult to trace.
RedVDS gave cybercriminals access to anonymous virtual machines for as little as $24 per month, letting them conduct scams, impersonation attacks, and other AI‑enabled criminal operations with minimal risk. The service became a major driver behind a surge in cyber‑enabled fraud, which contributed to at least $40 million in reported losses in the United States.
Microsoft said RedVDS enabled business email compromise (BEC) attacks, in which criminals infiltrate email accounts, monitor ongoing conversations, and redirect payments by posing as trusted contacts. The criminals then amplified these schemes with generative AI, using it to craft more convincing messages, create realistic multimedia impersonations, and deceive victims.
“In these schemes, attackers gain unauthorized access to email accounts, quietly monitor ongoing conversations, and wait for the right moment, such as an upcoming payment or wire transfer,” Microsoft explained. “At that point, they impersonate a trusted party and redirect funds, often moving the money within seconds.”

RedVDS offered cybercriminals disposable virtual computers for as little as $24 a month, which gave them inexpensive, anonymous environments to carry out large‑scale attacks with minimal risk. These virtual machines frequently used unlicensed Windows software, which made it even easier for bad actors to operate without scrutiny. The service played a major role in expanding AI‑enabled fraud, including real estate scams and other schemes targeting individuals, organizations, and communities worldwide.
Since March 2025, RedVDS‑linked activity led to about $40 million in reported fraud losses in the United States. However, actual global losses are likely much higher because many victims never report incidents.
According to Microsoft, the RedVDS‑enabled fraud targeted H2‑Pharma, which lost more than $7.3 million intended for critical, lifesaving medications. Moreover, the Gatehouse Dock Condominium Association was deceived out of nearly $500,000 in essential repair funds. Microsoft mentioned that both organizations have joined it as partners in the civil action.
“We are deeply grateful to H2‑Pharma and the Gatehouse Dock Condominium Association for their willingness to come forward and share their experiences. Their cooperation, combined with Microsoft’s threat intelligence, made this action possible and will help protect future victims. Falling victim to a scam should never carry stigma. These attacks are executed by organized, professional criminal groups that intercept and manipulate legitimate communications between trusted parties,” Microsoft added.
Organizations can better protect themselves from RedVDS‑style threats by strengthening their defenses against phishing and business email compromise. Microsoft recommends that security teams slow down and question the urgency of unexpected emails, call known contacts using verified phone numbers to confirm any payment‑related messages, and verify all financial requests independently. Moreover, organizations should enable multifactor authentication (MFA) across sensitive accounts and keep all software updated to reduce the chances of exploitation.
These precautions are especially important given how criminals using RedVDS paired their operations with generative AI to craft convincing messages, impersonate trusted individuals, and manipulate financial transactions. Organizations should adopt these security habits and maintain vigilance to significantly lower the risk of falling victim to similar cyber‑enabled fraud schemes.