
Inside The Secret Codes Hackers Use To Outwit Ransomware Cops


They used to be a safe space for hackers to coordinate attacks, but with online forums worried about unwanted attention from law enforcement, many have banned ransomware posts. And—as is usually the case in the whack-a-mole game of hacking—cybercriminals are finding a way around the new restrictions: a coded language to bypass suspicion.

By the end of May, multiple hacking forums announced they were banning ransomware hackers and their advertisements following Russian cyberattacks against fuel supplier Colonial Pipeline and meat supplier JBS. Several forum administrators cited the amount of attention the ransomware attacks were getting as a reason to clamp down on those sorts of advertisements. And President Joe Biden warned in May that the U.S. wasn’t ruling out retaliatory cyberattacks against a ransomware gang behind the latest offensive against a massive fuel pipeline in the U.S.

But cybercriminals have gotten creative in the face of these bans, and they are working to do everything but post about ransomware to evade suspicion and still plan their heists, security researchers told The Daily Beast.

One user on XSS and Exploit—both popular cybercriminal forums—has been posting to offer up “help” to other users who had broken into vulnerable companies and had various accesses they could sell for other criminals to use, according to a recent client note security firm Flashpoint shared with customers. The user noted they were looking to assist others who had access through vulnerable virtual private networks (VPNs), for instance, but ostensibly “did not know what to do with them,” according to the note, which was shared with The Daily Beast.

Another user on cybercriminal forum XSS advertised they had “a team of experienced pentesters”—a term meant to denote ethical hacking of businesses to test defenses—looking to buy access to vulnerable corporate networks. That behavior is typical of a ransomware plot, in which attackers worm their........

© The Daily Beast
