Cybercrime Forum Bans Ransomware Activity
A popular cybercrime forum claims to have banned all ransomware activity due to ideological differences and concerns over the amount of publicity that high-profile incidents are generating.
Russian-language forum XSS has contributed to the success of Ransomware as a Service (RaaS) groups like Nefilim, REvil, DarkSide and Babuk by providing a platform to recruit new affiliates, according to Flashpoint.
However, an administrator post late last week claimed that all sales of ransomware and affiliate activity would be prohibited from the site, the threat intelligence vendor reported.
The activity of groups like DarkSide, which recently caused a furore after disrupting fuel supplies on the US East Coast, is generating “too much PR,” escalating geopolitical and law enforcement risk and building a “critical mass of nonsense, hype, and noise,” according to the post.
The geopolitical aspect appears significant: the post apparently argues that when President Putin’s press secretary has to deny Kremlin involvement in attacks, “this is a bit too much.”
Russian cyber-criminals have always been sheltered by the state on the unwritten proviso that attacks are aimed at the country’s strategic foes, such as European and North American countries.
XSS’s decision would seem to suggest some in the community are becoming anxious at the level of scrutiny from the US and other governments that such attacks are drawing.
Flashpoint also said that DarkSide released a now-deleted statement claiming that its data leak blog, payment server and DOS servers had been blocked and that funds from the payment servers were “withdrawn to an unknown address.”
However, according to a statement from Digital Shadows, forum members have questioned the authenticity of the post.
In the meantime, it’s unlikely that XSS’s decision will impact the ransomware industry.
“Flashpoint assesses with moderate confidence that well-established ransomware collectives — including REvil, LockBit, Avaddon, and Conti — will continue to operate in private mode,” the vendor said.
“Additionally, ransomware collectives will likely begin to advertise recruitment for new affiliates via their own leak sites since many cyber-criminal forums, like XSS, and other similar platforms used for ransomware advertisements will now likely refuse to host their activities.”