One of the top-rated Russian speaking hacker forums named “XSS” has eventually banned all the topics that were promoting ransomware on its platform. This significant step has been taken to cease unnecessary attention.
XSS is a Russia-based hacking forum that was created for sharing knowledge regarding exploits, malware, vulnerabilities and network penetration. As the ransomware has risen, various Ransomware-as-a-service gangs have cropped up, namely DarkSide, LockBit, Nefilim, Netwalker, REvil and more. All of these malicious actors have been rigorously using this platform for enlisting new partners and affiliates to their operation.
The encryption of the Colonial Pipeline by the DarkSide Malware gang had utterly disrupted the U.S. fuel pipeline’s operation. Law enforcement agencies and security researchers have been continuously scrutinizing the ransomware gang and all the websites that promote it.
Yelisey Boguslaviskiy of Advanced Intel discovered a forum post. The post disclosed that the XSS Russian hacking forum owner known as “Admin” had posted that the forum topics that directly promoted ransomware are no longer permitted at the site.
The post clearly mentions that all the “Ransomware rental”, “Ransomware Affiliate Programs”, as well as the “Sale of Lockers (Ransomware Software)” have been prohibited, and all the existing topics will be deleted. The topic ban was due to the fact that the owner feels ransomware induces unwanted attention to the website and slowly became “dangerous and toxic”.
A portion of the post from the XSS forum has been translated below:
“Degradation on the face. Newbies open up the media, see some crazy virtual millions of dollars that they will never get. They don’t want anything, they don’t learn anything, they don’t code anything, they just don’t even think, the whole essence of coming down to “encrypt – get $”. They just run to GitHub, look for locker sorts there and run to encrypt everything they see. Since our forum is aimed at beginners, this factor is important to us.
Too much PR. Lockers (ransom) have accumulated a critical mass of nonsense, nonsense, hype, noise. When you meet the “Ransomvarny negotiator” Profession, you understand that you are in the looking glass or just crazy. Moreover, 90% of this madness was created artificially, feeding this hype. Those who make good money on this noise (exchanges, insurance, intermediaries, media, etc.)
Policy and hazard level. Peskov is forced to make excuses in front of our overseas “friends” – this is some kind of nonsense and exaggeration. The word ransom was equated with a number of unpleasant phenomena – geopolitics, extortion, government hacking. This word has become dangerous and toxic. Lockers will exist for a long time. This phenomenon was too loudly promoted.”
Shortly following the posting of the topics, the REvil ransomware and LockBit ransomware gangs representatives had disclosed their displeasure. The ransomware gangs’ core members keep a low profile. At the same time, the law enforcement agencies have targeted the affiliates for weakening or forcing an operation to shut down.
With more hacking communities like XSS eradicating the ransomware operations, it will be challenging for the RaaS operations to recruit new affiliates while promoting their activities.
Source: Bleeping Computer
Disclaimer: Read the complete disclaimer here.