Ransomware group Silent claims to have found a buyer for the data stolen from Versa Networks

Versa Networks, one of the leading companies in cybersecurity and software-defined networking solutions, has become a target of the ransomware group Silent. The cyberattack dates back to March 2025, but the news only surfaced in mid-April following a post published on the group’s .onion blog.

In an effort to clarify certain aspects of the attack and the group’s strategy, SuspectFile.com submitted a series of questions to Silent, receiving direct answers that both confirm and expand upon the information published in their statement. The questions and responses are reproduced in full at the end of this article.

According to Silent, the group had access to the company’s systems for about a month and was able to exfiltrate 764 gigabytes of confidential data. The files have not yet been put up for sale, but the group has set a nine-day deadline from the time of writing: if no financial agreement is reached with Versa, the data will be sold to the highest bidder. Silent claims to have already received a purchase offer but intends to proceed with an auction to maximize profit.

Silent, known for exfiltrating data from its victims, stated that in Versa Networks’ case, no encryption was carried out. The group explained that their operational model is primarily focused on stealing sensitive information, applying public pressure, and negotiating. Selling the data is not an automatic step, but a concrete option if no deal is made with the victim.

When asked if any of the stolen data includes particularly sensitive information, the group replied:

“Yes, there is full employee data”.

Additionally, according to Silent, the exfiltrated documents are not limited to U.S.-based companies but also involve entities located in other countries, including India and the United Kingdom.

The group stated it initially tried to establish direct contact with Versa, negotiating for several weeks:

“We talked for a couple of weeks, but Versa decided not to pay, they wanted to hide the hack. Since only we and some Versa employees knew about the leak. But as we can see, everything did not go according to their plan and it is now costing them dearly”.

In the message published on their .onion blog, Silent directly attacks Versa’s reputation, pointing to a series of severe shortcomings in the company’s security management: vulnerabilities left open for three years, lack of server monitoring, poor network traffic surveillance, and the use of weak passwords such as “Versa123” and “Versa”. The group also claims they were able to remain undetected within the infrastructure for about a month before disclosing the breach to the company themselves.

“Until we ourselves informed them about it, that they were hacked, data was downloaded (developments, clients, investors, settings, finances, confidential documents) and are ready to keep the hack confidential. We always keep our word to companies and try to solve the problem internally until the last day, but they decided to go another way”.

Finally, Silent confirms that the stolen data will not be published on their blog; only the name of the breached company will remain visible.

The attack on Versa Networks highlights the severe vulnerabilities that ransomware groups can exploit, especially when security measures are inadequate. A lack of proper monitoring, the use of weak credentials, and poor server management can compromise the safety of an entire organization. This incident raises concerns about how well companies are prepared to face increasingly sophisticated and targeted cyberattacks.

In Versa’s case, the Silent group demonstrated the ability to operate undisturbed for a full month — enough time to cause serious damage and gather a substantial amount of data. Although the company attempted to manage the situation quietly, the publication of information by the hackers revealed significant flaws in the organization’s cybersecurity strategy. This situation prompts a critical reflection on the effectiveness of the defense strategies employed by companies to prevent and contain incidents of this magnitude.

Ultimately, the attack on Versa Networks underscores the importance of being prepared to respond promptly to cyberthreats and having well-structured contingency plans in place to mitigate damage and protect sensitive data. This case serves as a reminder that cybersecurity must be a top priority for all organizations, regardless of their size or industry.

SuspectFile.com: In addition to the data listed in your statement on your blog, does the stolen information include sensitive records such as medical data, passports, or Social Security Numbers?

Silent: Yes, there is full data on employees.

SuspectFile.com: Are the exfiltrated data related exclusively to individuals working for U.S.-based companies, or do they also involve entities in other countries?

Silent: Yes, the data contains information about them.

SuspectFile.com: If other countries are involved, can you provide an example of which ones?

Silent: India, UK

SuspectFile.com: After the data exfiltration, were Versa’s servers also encrypted?

Silent: The main servers were not encrypted. We are different from other groups. We practically do not encrypt systems, but only download confidential data and report it exclusively to IT personnel.

SuspectFile.com: Is the total volume of exfiltrated data the same as reported on your blog — 764 GB?

Silent: Yes

SuspectFile.com: Were there any negotiations with a Versa representative before your group decided to publish the breach notice on your .onion blog?

Silent: Of course. We talked for a couple of weeks, but Versa decided not to pay, they wanted to hide the hack. Since only we and some Versa employees knew about the leak. But as we can see, everything did not go according to their plan and it is now costing them dearly.

SuspectFile.com: With the deadline approaching, if Versa does not pay the ransom, do you plan to sell the stolen data or also publish part of it on your .onion blog?

Silent: A company has already contacted us about buying the data and offered a price. But we will now put it up for auction, if we find clients at a higher price, we will sell it to them. If not, we will give it to those who want to buy it now. Time will tell. But in any case, we will sell it, since there is a lot of confidential information. The data will not be in the blog, only the name of the company will remain and that’s it.

 

SuspectFile.com has sent an official request for comment to Versa Networks in order to obtain a statement regarding the incident. Should we receive a response from the company, the article will be updated with the information provided.