The administration of the popular hacker forum XSS (formerly DaMaGeLab) has banned advertising and sale of any ransomware on its pages.
Groups like REvil, LockBit, DarkSide, Netwalker, Nefilim, and so on have often used the forum to advertise new customer acquisition.
As a result, ransomware affiliate programs, renting such malware and selling lockers are now prohibited on XSS.
Shortly after this publication, representatives of a number of groups expressed their dissatisfaction with what was happening. For example, a LockBit spokesperson left a comment with just one word: “suddenly”.
The representative of REvil, in turn, writes that the group is leaving the forum altogether and moving to another hacker resource – Exploit[.]in.
I must say that a little earlier, the operators of REvil, which is currently one of the largest ransomware on the market, also announced the upcoming changes in their work. The hackers said they intend to stop advertising their RaaS platform and will continue to work privately, that is, with a small group of well-known and trusted persons.
If one of the clients nevertheless attacks a “forbidden” company or organization, the hackers intend to provide the victims with a free decryption key and then promise to stop working with such a “partner”.
Apparently, everything that happens is directly related to the attention of the special services, which has attracted the DarkSide ransomware, which last week attacked the largest pipeline operator in the United States, Colonial Pipeline. This high-profile incident received attention at the highest level: the other day, US President Joe Biden announced that the US authorities intend to interfere with the work of the hacking group.
As a result, representatives of DarkSide said that they had already lost access to their servers and multimillion-dollar ransoms (although the American authorities, it seems, have not yet taken any action) and announced the termination of work.
It seems that the XSS administration and the REvil operators do not want to be the object of the same scrutiny from law enforcement agencies, and are trying to act proactively.
Let me remind you that earlier I wrote that REvil spokesman boasts that hackers have access to ballistic missile launch systems.