The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned the advertising and sale of any ransomware on the site. Although groups such as REvil, LockBit, DarkSide, Netwalker, Nefilim and so on often used the forum to advertise new customer acquisition.
“The main purpose of the DaMaGeLab forum is knowledge. We are a technical forum, we learn, research, share knowledge, write interesting articles. The goal of Ransomware is just to make money. The goals are not the same. No, of course, everyone needs money, but not to the detriment of basic aspirations. We are not a market or a marketplace.
Degradation on the face. Newbies open the media, see there some crazy virtual millions of dollars that they will never receive. They don’t want anything, they don’t learn anything, they don’t code anything, they just don’t even think, the whole essence of being comes down to “encrypt – get $”, ”writes the XSS administrator in his statement (the full version can be seen below).
As a result, extortionate affiliate programs, renting such malware and selling lockers are now prohibited on XSS.
Shortly after this publication, representatives of a number of groups expressed their dissatisfaction with what was happening. For example, a LockBit spokesperson left a comment with just one word: “suddenly.”
The representative of REvil, in turn, writes that the group leaves the forum altogether and moves to another hacker resource – Exploit [.] In.
I must say that a little earlier the operators of REvil, which is one of the largest ransomware on the market at the moment, also announced the upcoming changes in their work. The hackers said they intend to stop advertising their RaaS platform and will continue to work privately, that is, with a small group of well-known and trusted persons.
REvil also plans to stop attacking important social sectors, including healthcare, education and government networks around the world, as such attacks could draw unwanted attention to the group’s work. If one of the clients nevertheless attacks a “forbidden” company or organization, the hackers intend to provide the victims with a free decryption key, and then promise to stop working with such a “partner”.
Apparently, everything that happens is directly related to the attention of the special services, which has attracted the DarkSide ransomware, which last week attacked the largest pipeline operator in the United States, Colonial Pipeline. This high-profile incident received attention at the highest level: the other day, US President Joe Biden announced that the US authorities intend to interfere with the work of the hack group, and for this, negotiations have already been held with Moscow.
As a result, representatives of DarkSide said that they had already lost access to their servers and multimillion-dollar ransoms (although the American authorities, it seems, have not yet taken any action) and announced the termination of work.
It seems that the XSS administration and the REvil operators do not want to be the object of the same scrutiny from law enforcement agencies, and are trying to be proactive.
UPD.
The Exploit [.] In administration also announced that it prohibits advertising of any ransomware on its forum. Admins explain this by the fact that lockers “attract a lot of attention.”