News

Hackers are driven into underground: three major hack forums banned advertising of ransomware

The ransomware attack on the Colonial Pipeline company has seriously alarmed the cybercriminals and now hackers are driven into underground. Let me remind you that due to the attack of the DarkSide ransomware in the United States, problems arose with the supply of gasoline, diesel fuel, aviation fuel and other refined products, and an emergency regime was introduced in a number of states.

This high-profile incident received attention at the highest level: US President Joe Biden said that the US authorities intend to interfere with the work of the hack group. As a result, DarkSide members announced that they had lost access to their servers and multi-million dollar ransoms and hastily announced the termination of work.

The excessive attention of the authorities did not appeal to many. So, hot on the heels of this incident, the administration of the hacker forums XSS and Exploit prohibited advertising and selling any ransomware on their resources. The XSS spokesman wrote that the word “ranso” these days has become too dangerous and toxic.

Now, another major hacking forum, RAID, has joined the ransomware ban. While XSS and Exploit hosted advertisements for larger hack groups, RAID usually advertised aspiring ransomware.

The events could not but affect the hacker groups themselves. For example, the Darkside ransomware stopped working, as mentioned above, and the operators of REvil, which is one of the largest ransomware on the market at the moment, announced that they intend to stop advertising their RaaS platform and will continue to work only privately, that is, with a small group of famous and trusted people.

REvil also plans to stop attacking important social sectors, including healthcare, education and government networks around the world, as such attacks could draw unwanted attention to the group’s work. If one of the clients nevertheless attacks a “forbidden” company or organization, the hackers intend to provide the victims with a free decryption key, and then promise to stop working with such a “partner”.

Let me remind you that we wrote that Creators of REvil (Sodinokibi) claim to have sold Donald Trump’s data.

Following REvil, the developers of another major ransomware, Avaddon, announced practically similar measures and restrictions.

Smaller ransomware groups have more serious problems. So, over the weekend at least two hack groups, Ako (Razny) and Everest, seem to have closed their activities altogether.

Let me remind you that we also wrote Emotet botnet self-destructed on all infected machines.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

View Comments

  • […] the Avaddon ransomware, whose keys were also published, stopped working. Earlier this month, the hack group El_Cometa, […]

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

9 hours ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

9 hours ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

9 hours ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

9 hours ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

13 hours ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

13 hours ago