Hackers are driven into underground: three major hack forums banned advertising of ransomware

The ransomware attack on the Colonial Pipeline company has seriously alarmed the cybercriminals and now hackers are driven into underground. Let me remind you that due to the attack of the DarkSide ransomware in the United States, problems arose with the supply of gasoline, diesel fuel, aviation fuel and other refined products, and an emergency regime was introduced in a number of states.

This high-profile incident received attention at the highest level: US President Joe Biden said that the US authorities intend to interfere with the work of the hack group. As a result, DarkSide members announced that they had lost access to their servers and multi-million dollar ransoms and hastily announced the termination of work.

The excessive attention of the authorities did not appeal to many. So, hot on the heels of this incident, the administration of the hacker forums XSS and Exploit prohibited advertising and selling any ransomware on their resources. The XSS spokesman wrote that the word “ranso” these days has become too dangerous and toxic.

Now, another major hacking forum, RAID, has joined the ransomware ban. While XSS and Exploit hosted advertisements for larger hack groups, RAID usually advertised aspiring ransomware.

Hackers driven into underground

The events could not but affect the hacker groups themselves. For example, the Darkside ransomware stopped working, as mentioned above, and the operators of REvil, which is one of the largest ransomware on the market at the moment, announced that they intend to stop advertising their RaaS platform and will continue to work only privately, that is, with a small group of famous and trusted people.

REvil also plans to stop attacking important social sectors, including healthcare, education and government networks around the world, as such attacks could draw unwanted attention to the group’s work. If one of the clients nevertheless attacks a “forbidden” company or organization, the hackers intend to provide the victims with a free decryption key, and then promise to stop working with such a “partner”.

Let me remind you that we wrote that Creators of REvil (Sodinokibi) claim to have sold Donald Trump’s data.

Following REvil, the developers of another major ransomware, Avaddon, announced practically similar measures and restrictions.

Hackers driven into underground

Smaller ransomware groups have more serious problems. So, over the weekend at least two hack groups, Ako (Razny) and Everest, seem to have closed their activities altogether.

Let me remind you that we also wrote Emotet botnet self-destructed on all infected machines.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button