Hacker XSS Forum Banned Ransomware Ads

The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned advertising and sale of any ransomware on its pages.

Groups like REvil, LockBit, DarkSide, Netwalker, Nefilim, and so on have often used the forum to advertise new customer acquisition.

The main purpose of the DaMaGeLab forum is knowledge. We are a technical forum, we learn, research, share knowledge, write interesting articles. The goal of Ransomware is just to make money. The goals are not the same. No, of course, everyone needs money, but not by the cost of basic aspirations. We are not a market or a marketplace. Degradation on the face. Newbies open up the media, see some crazy virtual millions of dollars that they will never get. They don’t want anything, they don’t learn anything, they don’t code anything, they just don’t even think, the whole essence of coming down to “encrypt – get $”.the XSS administrator writes in his statement.

As a result, ransomware affiliate programs, renting such malware and selling lockers are now prohibited on XSS.

Shortly after this publication, representatives of a number of groups expressed their dissatisfaction with what was happening. For example, a LockBit spokesperson left a comment with just one word: “suddenly”.

The representative of REvil, in turn, writes that the group is leaving the forum altogether and moving to another hacker resource – Exploit[.]in.

I must say that a little earlier, the operators of REvil, which is currently one of the largest ransomware on the market, also announced the upcoming changes in their work. The hackers said they intend to stop advertising their RaaS platform and will continue to work privately, that is, with a small group of well-known and trusted persons.

REvil plans to stop attacking important social sectors, including healthcare, education, and government networks anywhere in the world, as such attacks could draw unwanted attention to the group’s work.operators REvil write.

If one of the clients nevertheless attacks a “forbidden” company or organization, the hackers intend to provide the victims with a free decryption key and then promise to stop working with such a “partner”.

Apparently, everything that happens is directly related to the attention of the special services, which has attracted the DarkSide ransomware, which last week attacked the largest pipeline operator in the United States, Colonial Pipeline. This high-profile incident received attention at the highest level: the other day, US President Joe Biden announced that the US authorities intend to interfere with the work of the hacking group.

As a result, representatives of DarkSide said that they had already lost access to their servers and multimillion-dollar ransoms (although the American authorities, it seems, have not yet taken any action) and announced the termination of work.

It seems that the XSS administration and the REvil operators do not want to be the object of the same scrutiny from law enforcement agencies, and are trying to act proactively.

Let me remind you that earlier I wrote that REvil spokesman boasts that hackers have access to ballistic missile launch systems.

By Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.

Leave a comment

Your email address will not be published. Required fields are marked *