The Russian-speaking hacking forum was created with the express purpose of sharing information and knowledge about exploits, zero-day vulnerabilities, malware, and network penetration.
However, it is well known that forums of this sort have been used to recruit and initiate new members of malicious groups and organizations, although this never happened on the forum itself and no one has claimed that XSS was involved.

Most likely the ban was introduced to avoid unwanted attention in the current international context, where RaaS (ransomware as a service) operations have become more frequent and easier to encounter.

With the recent rise of ransomware attacks across the globe, RaaS groups such as REvil, LockBit, DarkSide, Netwalker, Nefilim, and others have continuously used hacking and ethical hacking forums and websites to identify and enlist new partners for their operations.

The cyber researcher Yelisey Boguslavskiy discovered a post in which the owner of the XSS hacking forum, known as ‘Admin,’ said that forum topics promoting ransomware are no longer allowed on the site.

In his announcement, the admin of the XSS forum was very specific and referred to topics covering “Ransomware affiliate programs”, “Ransomware rental”, and the “sale of lockers (ransomware software)”, which are now prohibited.

A segment of the translated text can be read below:

Degradation on the face. Newbies open up the media, see some crazy virtual millions of dollars that they will never get. They don’t want anything, they don’t learn anything, they don’t code anything, they just don’t even think, the whole essence of coming down to “encrypt – get $”. They just run to GitHub, look for locker sorts there and run to encrypt everything they see. Since our forum is aimed at beginners, this factor is important to us.

Too much PR. Lockers (ransom) have accumulated a critical mass of nonsense, nonsense, hype, noise. When you meet the “Ransomvarny negotiator” Profession, you understand that you are in the looking glass or just crazy. Moreover, 90% of this madness was created artificially, feeding this hype. Those who make good money on this noise (exchanges, insurance, intermediaries, media, etc.)
[…]

Policy and hazard level. Peskov is forced to make excuses in front of our overseas “friends” – this is some kind of nonsense and exaggeration. The word ransom was equated with a number of unpleasant phenomena – geopolitics, extortion, government hacking. This word has become dangerous and toxic.

Lockers will exist for a long time. This phenomenon was too loudly promoted.

The post in question created a considerable stir among the representatives of multiple ransomware gangs, who suggested that their activity will no longer be exposed online or in plain sight on hacking forums.

All the developments described above happened in a context where the Colonial Pipeline system was taken over, causing disruptions in the supply of diesel and petrol in the US, with the attack being the result of DarkSide encrypting Colonial Pipeline's operations.
