TL;DR

Microsoft has filed parallel civil actions in the US and the UK to disrupt RedVDS, a low-cost virtual desktop service that it says powered large-scale phishing and fraud. The company and law enforcement have seized domains and infrastructure as part of a cross-border operation involving Europol and German authorities.

What happened

Microsoft's Digital Crimes Unit opened major civil actions in both the United States and the United Kingdom aimed at dismantling RedVDS, a service that rented disposable virtual dedicated servers to criminals. The company says it took RedVDS's marketplace and customer portal offline and worked with law enforcement partners to seize the two domains that hosted them, replacing them with a seizure notice. Microsoft alleges that the platform rented infrastructure from at least five hosting providers across the US, Canada, the UK, France and the Netherlands, and that criminals used the service to send massive volumes of phishing messages, hijack accounts and run scams. The company cites roughly $40 million in reported fraud losses in the US tied to RedVDS activity and says more than 191,000 organizations worldwide have been compromised or accessed fraudulently since September 2025. Microsoft is pursuing the service in court while continuing joint technical disruption with Europol and German law enforcement.

Why it matters

  • Low-cost 'disposable' virtual desktops can make large-scale phishing and fraud economically viable and hard to trace.
  • Civil legal actions plus coordinated seizures demonstrate a cross-border approach to disrupting cybercrime infrastructure.
  • Shutting down infrastructure-for-hire platforms can disrupt multiple criminal groups at once rather than targeting single gangs.
  • Public seizure notices and court filings may create legal precedents for tech companies pursuing similar disruptions outside their home jurisdiction.

Key facts

  • Microsoft filed parallel civil suits in the US and the UK against RedVDS.
  • Two domains used for RedVDS's marketplace and customer portal were seized and replaced with a Microsoft notice.
  • RedVDS reportedly sold access to disposable virtual dedicated servers for as little as $24 per month.
  • Microsoft attributes roughly $40 million in reported US fraud losses to RedVDS-enabled activity.
  • Since September 2025, Microsoft says RedVDS activity led to compromise or fraudulent access of more than 191,000 organizations worldwide.
  • In one month, more than 2,600 RedVDS virtual machines reportedly sent an average of 1 million phishing messages per day to Microsoft customers.
  • Microsoft alleges RedVDS rented hosting from at least five providers across the US, Canada, the UK, France and the Netherlands.
  • Two named victims—H2-Pharma (Alabama) and Gatehouse Dock Condominium Association (Florida)—lost about $7.3 million and nearly $500,000 respectively and are co-plaintiffs.
  • Microsoft says the operator is tracked as 'Storm-2470' but no individuals have been publicly identified.

What to watch next

  • Legal outcomes and rulings in the UK and US civil cases against RedVDS (not confirmed in the source).
  • Whether law enforcement identifies, arrests or extradites individuals linked to Storm-2470 (not confirmed in the source).
  • Any follow-on seizures or technical disruptions targeting remaining RedVDS infrastructure or reseller networks (not confirmed in the source).

Quick glossary

  • Virtual desktop: A remote, software-based desktop environment hosted on a server that users access over the internet.
  • Phishing: A form of online fraud where attackers send deceptive messages to trick recipients into revealing credentials or sending money.
  • Civil action: A non-criminal legal proceeding brought by a private party or company seeking remedies like injunctions or damages.
  • Europol: The European Union Agency for Law Enforcement Cooperation that supports cross-border criminal investigations among EU member states.
  • Virtual machine (VM): A software emulation of a physical computer that runs an operating system and applications in isolation from the host machine.

Reader FAQ

What was RedVDS used for?
Microsoft says criminals rented disposable virtual servers from RedVDS to run phishing campaigns, hijack accounts and commit scams.

Has anyone been arrested in connection with RedVDS?
Not confirmed in the source.

Did Microsoft seize RedVDS domains?
Yes. Microsoft and partners seized two domains used for the RedVDS marketplace and customer portal and displayed a seizure notice.

Has Microsoft identified the operator?
Microsoft tracks the operator as 'Storm-2470,' but no individuals have been publicly named according to the source.

Microsoft taps UK courts to dismantle cybercrime host RedVDS
Redmond says cheap virtual desktops powered a global wave of phishing and fraud
Carly Page, Thu 15 Jan 2026 // 11:32 UTC
Microsoft…
