SOCRadar® Cyber Intelligence Inc. | AnonFiles Forced to Shut Down Due to Surge of Malicious Utilization


Aug 17, 2023

AnonFiles Forced to Shut Down Due to Surge of Malicious Utilization

[Update] August 18, 2023: The effects of the AnonFiles service’s closure have started coming into view. See the subheading: “Challenges Arise for 8Base Ransomware Following the Closure of AnonFiles.”

[Update] October 20, 2023: See the subheading: “AnonFiles Makes a Comeback with New Website, Offers Old Download Links for Sale.”

The popular file sharing service, AnonFiles, known for enabling users to share files anonymously and without activity logging, has ceased its operations. 

The service had been abused by a large number of users, ultimately resulting in its shutdown. Particularly, threat actors had taken advantage of AnonFiles as a platform to disseminate various forms of stolen data.

AnonFiles’ Statement About the Shutdown

Users of AnonFiles have recently raised concerns about encountering timeouts while attempting to upload files. An official announcement from AnonFiles clarified that their proxy provider had terminated their services. The reason cited was the inability to manage the overwhelming volume of abusive content that had been consistently uploaded to the site.

Read the full statement below:

Statement on anonfiles[.]com

AnonFiles: More Than Just Files, a Mix of Troubles

AnonFiles was a useful file sharing site for many users. However, some users raised concerns about the site’s use of questionable advertisers that often led to malware, tech support scams, and unwanted browser extensions for Google Chrome and Firefox.

For instance, when trying to download a file from the website, users often found themselves redirected to a site that downloaded an ISO file with the same name as the intended download. Unfortunately, these ISO files contained various types of malware, including software meant to steal information, remote access trojans, and ad clickers.
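The redirect pattern described above can be hunted for in web proxy logs. The following is an added detection sketch, not code from SOCRadar or the original article; the log format, the host names (`files.example` and the others), and the 120-second window are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta
from pathlib import PurePosixPath
from urllib.parse import urlsplit, unquote

SHARE_HOSTS = {"files.example"}   # assumption: file sharing host(s) to watch
WINDOW = timedelta(seconds=120)   # assumption: redirect follows within 2 minutes
DISK_IMAGE_EXT = {".iso"}         # container type named in the article

# Constructed sample proxy log: "<ISO timestamp> <client> <url>"
SAMPLE_LOG = """\
2023-08-01T10:00:00 10.0.0.5 https://files.example/a1b2c3/Q3_budget.xlsx
2023-08-01T10:00:07 10.0.0.5 https://cdn.ads.example/dl/Q3_budget.xlsx.iso
2023-08-01T10:05:00 10.0.0.9 https://files.example/d4e5f6/notes.txt
2023-08-01T10:05:04 10.0.0.9 https://files.example/d4e5f6/dl/notes.txt
2023-08-01T11:00:00 10.0.0.7 https://mirror.example/images/debian-12.iso
2023-08-01T11:30:00 10.0.0.5 https://other.example/get/Q3_budget.iso
"""

def parse(line):
    """Split one log line into (time, client, host, filename in URL path)."""
    ts, client, url = line.split(maxsplit=2)
    parts = urlsplit(url)
    name = PurePosixPath(unquote(parts.path)).name
    return datetime.fromisoformat(ts), client, parts.hostname, name

def find_lookalike_iso_downloads(log_text):
    """Flag disk images named after a file the same client just requested
    from a watched sharing host, but served from a different host."""
    recent = {}   # client -> [(time, filename requested from sharing host)]
    alerts = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, client, host, name = parse(line)
        if host in SHARE_HOSTS:
            recent.setdefault(client, []).append((ts, name))
            continue
        p = PurePosixPath(name)
        if p.suffix.lower() not in DISK_IMAGE_EXT:
            continue
        for seen_ts, wanted in recent.get(client, []):
            stems = {wanted.lower(), PurePosixPath(wanted).stem.lower()}
            if p.stem.lower() in stems and timedelta(0) <= ts - seen_ts <= WINDOW:
                alerts.append((client, wanted, host, name))
                break
    return alerts

if __name__ == "__main__":
    for alert in find_lookalike_iso_downloads(SAMPLE_LOG):
        print("suspicious download:", alert)
```

Only the second log line is flagged: the unrelated `debian-12.iso` download has no matching earlier request, and the `Q3_budget.iso` request 90 minutes later falls outside the correlation window.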

AnonFiles also carried a dual nature owing to its availability on the clear web, which enhanced accessibility. This accessibility became a disadvantage when considering the distribution of stolen data by ransomware threat actors, as it enabled extorted data to spread to a larger audience.

Now, the operators of AnonFiles are actively looking for someone to buy their domain, presumably to launch a new file sharing service. However, during this transition, the shutdown will result in many files becoming inaccessible. This will impact both cybersecurity researchers and malicious threat actors who used the platform.

In 2021, researcher Germán Fernández highlighted the malvertising on AnonFiles, warning about the distribution of the RedLine Stealer – a notorious information-stealing malware targeting credentials and cryptocurrency wallets.

In addition, AnonFiles experienced other malvertising campaigns that promoted search hijacking extensions, the Amadey botnet, Vidar stealer, and even the STOP ransomware. 

Potential Implications After AnonFiles’ Closure 

One significant concern might revolve around companies whose data was exclusively shared by threat actors through this platform. In the aftermath of the shutdown, particularly of a platform like AnonFiles where data is presumed to remain accessible, threat actors might lose interest in dumping the victim’s data. From a victim’s standpoint, this shift in threat actor behavior could potentially work to their advantage.

Furthermore, the shutdown of such platforms inevitably creates room for new ones to rise in their place. This transition could lead to the emergence of fresh file sharing sites, operating under similar patterns. Additionally, there is the possibility of phishing sites being established, mimicking the appearance and functionality of AnonFiles.

Challenges Arise for 8Base Ransomware Following the Closure of AnonFiles

The effects of AnonFiles’ closure have started coming into view.

The 8Base ransomware group employed AnonFiles as a mirror backup for the files they pilfered during their ransomware operations. Since the file sharing service is no longer functioning, the ransomware group has clarified that a majority of their file links are now invalid, causing them to face difficulties.

You can read the group’s statement below, which they posted on their Telegram channel:

8Base’s statement after closure of AnonFiles (vx-underground)

AnonFiles Makes a Comeback with New Website, Offers Old Download Links for Sale

In a recent update, AnonFiles has revealed its intention to sell all old download links from its previous AnonFiles infrastructure. The announcement, posted on their Telegram channel, states that these download links have been incorporated into a Torrent link. They emphasized that they will only cooperate with serious buyers interested in acquiring these links. 

AnonFiles’ announcement about the sale of old links

In early October, AnonFiles’ new platform sprang to life, marking its return after the troubles it faced with threat actors, which resulted in the shutdown of its previous website. The platform’s staff shared donation links on their Telegram channel on October 7, openly accepting Bitcoin (BTC) and Monero (XMR) cryptocurrencies.

Announcement of the new website

This resurgence suggests a fresh beginning for the file sharing platform, and its revival could potentially reshape the landscape of anonymous file sharing on the web. Furthermore, AnonFiles’ decision to sell its old download links could potentially trigger significant repercussions in the realm of cyber threats. With these links on the market again, various threat actors may seize the opportunity to acquire a wealth of sensitive information. The potential risks extend to the exploitation of confidential data, identity theft, and further propagation of cyberattacks.

Malware Analysis Made Easy with SOCRadar

Discover the power of SOCRadar’s Malware Analysis module. Get a complete grasp of malware samples, ensuring quick identification and analysis. With features like static analysis, threat intelligence integration, and detailed reporting, security teams have a formidable tool to tackle and eliminate potential threats.

SOCRadar’s Malware Analysis

This module supports diverse file formats, from Binary to Office files and EML files, delivering instant reports upon upload. It’s an indispensable asset in the battle against malware, empowering organizations to strengthen their threat detection and incident response capabilities.