
One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention.

XSS is a Russian-speaking hacking forum created to share knowledge about exploits, vulnerabilities, malware, and network penetration.

With the rise of ransomware, Ransomware-as-a-Service (RaaS) gangs, such as REvil, LockBit, DarkSide, Netwalker, and Nefilim, have increasingly been using the forum to enlist new affiliates/partners to their operations.

After DarkSide encrypted Colonial Pipeline and disrupted the U.S. fuel pipeline's operation, law enforcement and security researchers have been increasingly scrutinizing the ransomware gang and sites that promote it.

In a forum post discovered by Advanced Intel's Yelisey Boguslavskiy, the owner of the XSS hacking forum, known as 'Admin,' posted today that forum topics promoting ransomware are no longer allowed at the site.

Forum post banning ransomware topics

This post states that all "Ransomware affiliate programs", "Ransomware rental", and the "sale of lockers (ransomware software)" are prohibited, and any existing topics will be deleted.

The reason for the ban is that the owner feels that ransomware brings unwanted attention to the site and "has become dangerous and toxic."

You can read a portion of the translated text below:

"Degradation on the face. Newbies open up the media, see some crazy virtual millions of dollars that they will never get. They don't want anything, they don't learn anything, they don't code anything, they just don't even think, the whole essence of being comes down to "encrypt - get $". They just run to github, look for locker sorts there and run to encrypt everything they see. Since our forum is aimed at beginners, this factor is important to us.

Too much PR. Lockers (ransom) have accumulated a critical mass of nonsense, nonsense, hype, noise. When you meet the "Ransomvarny negotiator" Profession, you understand that you are in the looking glass or just crazy. Moreover, 90% of this madness was created artificially, feeding this hype. Those who make good money on this noise (exchanges, insurance, intermediaries, media, etc.)

Policy and hazard level. Peskov is forced to make excuses in front of our overseas "friends" - this is some kind of nonsense and exaggeration. The word ranso was equated with a number of unpleasant phenomena - geopolitics, extortion, government hacking. This word has become dangerous and toxic.

Lockers will exist for a long time. This phenomenon was too loudly promoted."

Ransomware gangs not happy

Shortly after the posting of the topics, representatives of the REvil ransomware gang showed their displeasure.

Post by REvil representative
Post by LockBit operator

With ransomware gangs' core members keeping a low profile, law enforcement targets the affiliates to weaken or force an operation to close down.

As more hacking communities make ransomware operations unwelcome, it will become harder for RaaS operations to recruit new affiliates and promote their activities.
