The ransomware attack on the Colonial Pipeline company has seriously alarmed the criminal underground. Let me remind you that the DarkSide ransomware attack disrupted the supply of gasoline, diesel fuel, aviation fuel, and other refined products in the United States, and an emergency regime was introduced in a number of states.
This high-profile incident received attention at the highest level: US President Joe Biden said that the US authorities intend to interfere with the work of the hacking group, and that negotiations on the matter have already been held with Moscow. As a result, DarkSide members announced that they had lost access to their servers and to multi-million dollar ransoms, and hastily announced the termination of work.
The excessive attention of the authorities did not appeal to many. For example, last week we reported that, hot on the heels of this incident, the administration of the XSS and Exploit hacker forums banned ransomware from being advertised and sold on their resources. The XSS spokesman wrote that the word “ransom” these days has become too dangerous and toxic.
Now, another major hacking forum, RAID, has joined the ransomware ban. Whereas XSS and Exploit advertised larger hack groups, RAID usually advertised beginner ransomware.
These events could not but affect the hacker groups themselves. For example, the DarkSide ransomware stopped working, as mentioned above, and the operators of REvil, currently one of the largest ransomware operations on the market, announced that they intend to stop advertising their RaaS platform and will continue to work only privately, that is, with a small group of well-known and trusted persons.
REvil also plans to stop attacking important social sectors, including healthcare, education, and government networks around the world, as such attacks could draw unwanted attention to the group’s work. If one of the clients nevertheless attacks a “forbidden” company or organization, the hackers intend to provide the victims with a free decryption key and then promise to stop working with such a “partner”.
Following REvil, the developers of another major ransomware, Avaddon, announced practically the same measures and restrictions.
Smaller ransomware groups have more serious problems. Over the weekend at least two hack groups, Ako (Ranzy) and Everest, seem to have ceased their activities altogether.