A second Russian-language hacking forum bans ransomware-related ads, and the first claim is filed against DarkSide

Earlier today, this site reported that XSS forum had banned any ransomware-related ads and would be deleting threads and posts. Hours later, Exploit.in followed suit. Good day, We are glad to see pentesters, specialists, coders. But they are not happy with lockers, they attract a lot of attention. The very type of activity is not pleasant to us in view of the fact that everything is located in a row, we do not consider it advisable to be present on our forum, partner programs of lockers. It was decided to remove all affiliate programs and prohibit them as a type of activity on our forum. All topics related to lockers will be deleted. While the reaction to the announcement was somewhat mixed and generated more heat than the discussion on XSS after it issued its announcement, one supporter of the Exploit.in announcement was DarkSide, who endorsed it as the “correct solution.” “UNKN” of REvil also participated in the reactions to the announcement, claiming “we will not hide – we are delighted. We receive the ads of all closed partners.” First Affiliate Claim Filed Against DarkSide Some have suggested that DarkSide might be engaging in an exit scam or may run to ground, hiding in fear. This blogger expected them to put their heads down and get to work — but not to run and hide.  It came as no surprise to find that DarkSupp was visibly present on both Russian-language forums today. And today, on XSS.is, the first claim for reimbursement from them was posted.  A user, “qwerty1” who created a new account “for my own safety,” submitted a claim to the admin., under the rules of the forum. The claim did not include the name of the target or victim, or the amount of ransom paid or claimed amount due, but summarized the situation: …I am a pentester and worked with the DarkSide affiliate network, the other day a company network was installed which paid in the amount of N btc, under the terms of the PP DarkSide 80% of the ransom in my direction. After payment, the support reported that they did not have access to the server where the payment was hosted, and after that the PP announced it was closed. As a result, the target paid, but I did not receive my share, please pay my share in the amount of N1. The amounts are indicated personally to the admin. Black is needed to pay out funds from the deposit, the PP is not against covering the funds from the deposit and regrets the situation served. The claimant correctly noted that DarkSide was not opposed to covering the claim from the funds on deposit with the forum. As part of its notice to affiliates,  DarkSide had informed them that: The following actions will be taken to solve the current issue: You will be given decryption tools for all the companies that haven’t paid yet. After that, you will be free to communicate with them wherever you want in any way you want. Contact the support service. We will withdraw the deposit to resolve the issues with all the affected users. The approximate date of compensation is May 23 (due to the fact that the deposit is to be put on hold for 10 days on XSS). In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck. DarkSide had deposited 23 BTC with XSS.is in November, 2020, and was online in XSS.is after the first claim was posted. Could they just remove the deposit and pull an exit scam? Yes, of course. 23 BTC is $1.1 million. But if I were a betting woman, I’d bet that DarkSide will honor their word or come up with some plan to compensate affiliates for at least some of what was seized or redirected. Could their claim that money was redirected to an unknown account be a lie so that they could just keep all the money themselves? Sure — at least until the government issues some statement that mentions the money and what happened to it.  But for now, I still predict that they will try to compensate affiliates and that we will see them again, although not as “DarkSide.”DataBreaches.netRead More