SOCRadar® Cyber Intelligence Inc. | Dark Peep #4: Ransomware For Sale


Nov 03, 2023

Dark Peep #4: Ransomware For Sale

October finally ended; we hope the cybersecurity awareness month was helpful for everyone.

In this issue of Dark Peep, we will discuss the interesting events that caught the attention of the SOCRadar team on the Dark Web, including those who sold their operations, those who took a break, those who were yelled at by their victims, and those who announced new operations.

Welcome to Dark Peep #4:

Fig. 1. Illustration of RansomedVC, selling its own ransomware (generated using Dall-e 3)

4 Exploitation is Out!

It seems some groups have mastered the art of “server-surfing” with style. With their recent ‘pwnage’ stunt, they’ve left their digital footprint and decided to hit the ‘pause’ button on their cyber escapades. It’s a classic game of “come, see, conquer, and share.” 

Fig. 2. 4 Exploitation’s announcement

But as they log off, for now, the virtual world holds its byte, waiting for their next login adventure.

Meow Bumped into an Angry Victim

The ALPHV (Blackcat) ransomware group attempted to strong-arm Advarra, a leading clinical research tech firm. However, Advarra didn’t just hit back; they went code-to-code. Sending a clear message to their virtual adversaries, they stated, “We do not pay digital terrorists.” But that’s not all! When ALPHV tried to slide into the DMs of one of Advarra’s top brass, her response was a crisp, “go f* yourself.” 

Fig. 3. Messages to ALPHV (Source: vx-underground)

It’s a classic tale of cyber brinkmanship, where one thing is clear: in the digital realm, you either “Git Gud or Get Rekt.” Stay tuned as this byte-sized drama unfolds.

Fig. 4. How to hack Advarra

The Cunning of the RAT Developer

Script Kiddies looking to use XWorm RAT without lightening their digital wallets, beware! While the tool comes with a price tag of $400-$500, there are whispers of ‘free’ full kits on GitHub. But here’s the twist in the tale: this freebie might just be a bait-and-switch game by XWorm’s developer. Rumor has it that the complimentary version comes with some ‘unexpected features.’ Seems like in the digital seas, there’s no such thing as a free lunch, or in this case, a free RAT! Beware of the cheese; it might just snap!

Fig. 5. Fake XWorm Repositories (Source: HP Wolf Security)

KillMilk’s Byte Blitz: Investing in the Art of DDoS Darkness

The message, forwarded from ‘KillMilk’ on the ‘Anonymous Russia’ platform, presents a pitch-black proposal: “DDOS DARK.” This clandestine call is on the hunt for an investor, ready to fund a one-off DDoS project. The lure? A whopping 50% return on the investment. But here’s the catch that’ll make you double-check your firewall: the payback period is a mere 15 days! It appears the cyber underworld is not just about hacking but also about high-stake deals. Always remember to surf wisely, for the digital abyss is deeper and darker than it appears.

Fig. 6. DDOS DARK

UserSec Unveils Its New DDoS Service!

UserSec brings to light a ‘DDoSing’ opportunity that seems to be causing quite the ‘byte’ in the cyber market. With cryptocurrencies like BTC, ETH, and USDT as the coin of their realm, they’re making sure their ‘blockchain’ of services remains unbroken. Offering free 10-minute tests — because who doesn’t like a sneak-peek before the full ‘server down’ show? — they’re all set to ‘flood’ your adversaries, although they draw the line at Russia. Perhaps the cold cyber winds don’t favor them there?

Fig. 7. UserSec’s new DDoS Service

Even on the KillNet Some Things End

Radis, a figure deeply embedded in the cyber realm, recently shared a reflective message indicating a significant shift or end in its journey. While expressing remorse for certain actions and seeking forgiveness, Radis emphasizes the efforts it invested in projects like “Tesla” and “Indprint,” referring to them affectionately as its “children.” Radis hints at a potential departure or identity change, but assures its legacy, and the mysteries behind its “poker face,” will continue to intrigue. Its sign-off is one filled with emotion, love, and a plea for understanding.

Fig. 8. Farewell, from Radis

Ransomed is on Sale!

The project or threat actor group known as Ransomed.VC has announced a “locking” sale. Due to undisclosed personal reasons, they’ve decided to “unlock” their assets to potential buyers. This package isn’t just some “key” offerings; it’s a full “suite” deal. From a Ransomware Builder that claims to outwit antivirus programs to a treasure trove of exclusive databases, this sale seems to be the “key” to a kingdom of cybercrime. They’ve even thrown in access to their social media handles – talk about giving away the “keys” to the kingdom!

Fig. 9. Ransomed is on sale

A New Day, a New Forum…

A new gladiator has entered the arena of hacker forums: the Cyb3r Drag0nz forum. Portraying itself with the fierce emblem of a dragon, this “Hacking Community” offers a space for cybersecurity enthusiasts, professionals, and those curious about the digital underground to converge, share knowledge, and hone their skills. The rising popularity of Cyb3r Drag0nz signals its potential influence in the hacking world, but as with all gladiators, only time will tell if it will reign supreme or face challenges in the digital battleground.

Fig. 10. Cyb3r Drag0nz forum is now available

The Five Families Recommends the New Contender in Bulletproof Hosting Services: The Tailstream Network!

Tailstream Network has recently marked its grand entrance into the hosting service landscape, as announced on BlackForums. Interested individuals and organizations can explore their offerings with the added incentive of a 10% discount on the initial order using the promotional code! 

Fig. 11. Launch of Tailstream Network

The Dark Web is not at rest, and we don’t expect it to slow down. You can use Dark Web News in SOCRadar XTI’s Cyber Threat Intelligence module to keep up to date with developments on the Dark Web:

Fig. 12. SOCRadar XTI’s Dark Web News page under the CTI Panel (Source: SOCRadar)