Microsoft's legal case against RedVDS is the latest action it has taken to disrupt cybercrime-as-a-service. (Tingshu Wang/Reuters)
Microsoft Corp. says it has taken legal action against a subscription service that has allegedly been fuelling cybercrime around the world, including in Canada.
The Redmond, Wash., tech giant said a court has authorized it to seize the domains associated with RedVDS, an online service selling access to virtual private servers that Microsoft alleges are being used by cybercriminals.
Canada is the second-most targeted country, after the United States, by the cybercriminals allegedly using RedVDS, Microsoft said.
Microsoft’s legal case against RedVDS, which was unsealed on Wednesday, is the latest in the company’s continuing efforts to disrupt the growing ecosystem of what’s known as cybercrime-as-a-service.
“Cybercrime runs on shared services, kind of like traditional, legitimate businesses. This action is about taking away the systems and the infrastructure that the criminals rely upon, instead of just trying to chase the individual actors,” said Steven Masada, assistant general counsel and director of Microsoft’s Digital Crimes Unit.
“RedVDS is one of those facilitators. It’s an enabler used by hundreds of cybercriminals around the world to deploy a wide array of cybercrimes – mass phishing, payment diversion fraud, traditional fraud and scams, you name it.”
Payment diversion fraud occurs when criminals gain unauthorized access to e-mail accounts, then monitor conversations until they spot an opportunity to intercept a payment by diverting the funds to their own accounts.
In the real estate industry, for instance, attackers target the accounts of realtors, escrow agents or title companies, sending strategically timed e-mails with fraudulent payment instructions in an attempt to get their hands on closing funds. Microsoft said it has seen activity enabled by RedVDS affecting more than 9,000 customers in the real estate sector, with Canada and Australia particularly affected.
“RedVDS uses unlicensed or pirated copies of Windows software in order to create these low-cost, disposable virtual computers, which it then essentially leases to cybercriminals for as little as $24 a month,” Mr. Masada said.
Additionally, some of the victims targeted by the criminals using RedVDS are Microsoft customers. Mr. Masada said 15,750 Microsoft customer e-mail accounts were accessed or compromised through cyberattacks enabled by RedVDS just in the last three months of 2025.
The U.S., Canada and other English-speaking countries are prime targets because of their wealth, Mr. Masada said.
“Cybercriminals – especially financially motivated cybercriminals – follow the money. That’s what they’re motivated by. And they know where the money is located,” he said.
Microsoft filed lawsuits in Britain as well as in the United States District Court for the Southern District of Florida. The company also worked with German law enforcement, which seized the servers powering RedVDS. The combined efforts resulted in the takedown of the RedVDS marketplace, Mr. Masada said.
The company is continuing to work with international law enforcement, including Europol, to disrupt the network of servers and payment services that supported customers of RedVDS.
Mr. Masada said the company hopes the legal process will allow it to discover who is behind the subscription service.
“We believe that the primary actors are based in the Middle East,” he said.