[Update] August 18, 2023: The effects of the AnonFiles service’s closure have started coming into view. See the subheading: “Challenges Arise for 8Base Ransomware Following the Closure of AnonFiles.”
The popular file sharing service, AnonFiles, known for enabling users to share files anonymously and without activity logging, has ceased its operations.
The service had been abused by a large number of users, ultimately resulting in its shutdown. Particularly, threat actors had taken advantage of AnonFiles as a platform to disseminate various forms of stolen data.
AnonFiles’ Statement About the Shutdown
Users of AnonFiles have recently raised concerns about encountering timeouts while attempting to upload files. An official announcement from AnonFiles clarified that their proxy provider had terminated their services. The reason cited was the inability to manage the overwhelming volume of abusive content that had been consistently uploaded to the site.
Read the full statement below:
AnonFiles: More Than Just Files, a Mix of Troubles
AnonFiles was a useful file sharing site for many users. However, some users raised concerns about the site’s use of questionable advertisers that often led to malware, tech support scams, and unwanted browser extensions for Google Chrome and Firefox.
For instance, when trying to download a file from AnonFiles, users often found themselves redirected to a site that downloaded an ISO file with the same name as the intended download. Unfortunately, these ISO files contained various types of malware, including software meant to steal information, remote access trojans, and ad clickers.
AnonFiles also carried a dual nature owing to its availability on the clear web, which enhanced accessibility. This characteristic posed a disadvantage when pondering the distribution of stolen data by ransomware threat actors, as it enabled the spread of extorted data to a larger audience.
Now, the operators of AnonFiles are actively looking for someone to buy their domain, presumably to launch a new file sharing service. However, during this transition, the shutdown will result in many files becoming inaccessible. This will impact both cybersecurity researchers and malicious threat actors who used the platform.
In 2021, researcher Germán Fernández highlighted the malvertising on AnonFiles, warning about the distribution of the RedLine Stealer – a notorious information-stealing malware targeting credentials and cryptocurrency wallets.
Potential Implications After AnonFiles’ Closure
One significant concern might revolve around companies whose data was exclusively shared by threat actors through this platform. In the aftermath of shutdown — particularly on a platform like AnonFiles where data is presumed to remain accessible — threat actors might lose interest in dumping the victim’s data. From a victim’s standpoint, this shift in threat actor behavior could potentially work to their advantage.
Furthermore, the shutdown of such platforms inevitably creates room for new ones to rise in their place. This transition could lead to the emergence of fresh file sharing sites, operating under similar patterns. Additionally, there is the possibility of phishing sites being established, mimicking the appearance and functionality of AnonFiles.
Challenges Arise for 8Base Ransomware Following the Closure of AnonFiles
The effects of the AnonFiles service’s closure have started coming into view.
The 8Base ransomware group employed AnonFiles as amirror backup for the files they pilfered during their ransomware operations. Since the file sharing service is no longer functioning, the ransomware group has clarified that a majority of their file links are now invalid, causing them to face difficulties.
You can read the group’s statement below, which they posted on their Telegram channel:
Malware Analysis Made Easy with SOCRadar
Discover the power of SOCRadar’s Malware Analysis module. Get a complete grasp of malware samples, ensuring quick identification and analysis. With features like static analysis, threat intelligence integration, and detailed reporting, security teams have a formidable tool to tackle and eliminate potential threats.
This module supports diverse file formats, from Binary to Office files and EML files, delivering instant reports upon upload. It’s an indispensable asset in the battle against malware, empowering organizations to strengthen their threat detection and incident response capabilities.