Following the disruptive cyberattack on Colonial Pipeline, ransomware has drawn great media attention. Soon after DarkSide made it to the news for this attack, the gang lost access to its servers shortly after security personnel assured of the takedown. Consequently, cybercrime forums, considering how ransomware can draw attention, put a ban on ransomware-related ads or discussions.
Cybercrime Forums Ban Ransomware-Related Stuff
Reportedly, right after DarkSide announced its departure following the loss of its servers, the Russian cybercrime forum XSS has put a ban on all ransomware-related discussions.
According to the post from the XSS admin, discovered by Advanced Intel’s Yelisey Boguslavskiy, the XSS admin announced a complete ban on RaaS related topics. Also, the forum admin decided to remove all RaaS related threads.
Translating from the post the main reason behind this decision, Boguslavskiy tweeted,
The decision largely remained unwelcomed. And, soon after, the REvil ransomware gang announced their departure from the forum.
While that was enough to cause a stir, another forum, Exploit, made a similar announcement shortly. Something REvil already hinted in their departure note.
As noticed, Exploit admin also decided to ban RaaS related ads. They further explained to remove all ransomware affiliate programs and all previous threads from the forum.
Joining these two cybercrime forums, Raid Forums also announced banning ransomware-related posts.
Perhaps, the forums took these steps to avoid drawing unsolicited attention from the US LEAs following the Colonial Pipeline fiasco.
While it remains unclear how RaaS operators will now manage promotions, what’s evident is a shift in their target list.
For instance, Avaddon and REvil, two disruptive ransomware gangs, have announced to become somewhat ethical (pun intended) in targeting victims.
Avaddon announced not to target healthcare, educational, and social infrastructure.
Whereas, REvil, also announced to refrain from targeting social and government sectors.
These announcements came shortly after DarkSide admitted the loss of control over its infrastructure.
However, if the trend on cybercrime forums to prohibit ransomware promotions continues, RaaS operations may face trouble continuing their activities.