They used to be a safe space for hackers to coordinate attacks, but with online forums worried about unwanted attention from law enforcement, many have banned ransomware posts. And—as is usually the case in the whack-a-mole game of hacking—cybercriminals are finding a way around the new restrictions: a coded language to bypass suspicion.
By the end of May, multiple hacking forums announced they were banning ransomware hackers and their advertisements following Russian cyberattacks against fuel supplier Colonial Pipeline and meat supplier JBS. Several forum administrators cited the amount of attention the ransomware attacks were getting as a reason to clamp down on those sorts of advertisements. And President Joe Biden warned in May that the U.S. wasn’t ruling out retaliatory cyberattacks against a ransomware gang behind the latest offensive against a massive fuel pipeline in the U.S.
But cybercriminals have gotten creative in the face of these bans: to evade suspicion while still planning their heists, they are doing everything but posting about ransomware, security researchers such as Kurtis Minder told The Daily Beast.
One user on XSS and Exploit—both popular cybercriminal forums—has been posting to offer up “help” to other users who had broken into vulnerable companies and had various accesses they could sell for other criminals to use, according to a recent client note that security firm Flashpoint shared with customers. The user noted they were looking to assist others who had access through vulnerable virtual private networks (VPNs), for instance, and who ostensibly “did not know what to do with them,” according to the note, which was shared with The Daily Beast.
Forums aren’t the only ones starting to glom onto the idea that maybe ransomware is too attention-grabbing and not worth the risk—some hackers are beginning to avoid ransomware in their financially motivated crimes, too.