Our rundown of the key ransomware events, attacks, and group activity from February. The FBI has issued an advisory warning that the BlackByte ransomware group has been observed targeting multiple US-based entities, including at least three related to critical infrastructure. Government facilities, alongside organisations in the financial, food and agriculture sectors, are all defined as …
The final quarter of 2021 saw disruption across the English-language darknet market landscape, with multiple well-established markets ceasing operations. This created a void that has yet to be filled. This quarter also saw the darknet forum RAMP experience significant growth, creating a new place for ransomware operators and cybercriminals to gather. Shifting Market Landscape In …
In late October, the operators of the REvil (also known as Sodinokibi) ransomware announced they were shutting down their operations due to an infrastructure compromise. Subsequently, it was confirmed that this compromise was conducted as part of a joint operation by multiple law enforcement and intelligence agencies from various countries. The initial takedown of REvil …
The third quarter of 2021 saw the disappearance of Televend, which was a significant blow to darknet vendors who had begun using the service to sell their products via instant messaging platforms as opposed to conventional darknet markets. This quarter also provided a better understanding of how certain major darknet forums were enforcing their ransomware …
This month saw the return of the REvil ransomware group (also known as Sodinokibi). The group’s infrastructure went offline in July, soon after their high-profile supply-chain attack targeting Kaseya. At the time, it was unclear if this was a voluntary decision or stemmed from a potential operation by law enforcement entities. However, the group’s infrastructure …
The most significant ransomware attack in July was the Kaseya attack conducted by the REvil (also known as Sodinokibi) ransomware group. The REvil operators exploited a 0day vulnerability in Kaseya’s VSA servers to bypass authentication measures and perform arbitrary code execution. Notably, this vulnerability had already been privately disclosed to Kaseya, though it remains unclear …
The second quarter of 2021 has been a period of relative stability for darknet markets, with WhiteHouse continuing as the leading English-language market across the ecosystem. Conversely, darknet forums have experienced some degree of upheaval, which can largely be attributed to the outsized role of ransomware groups and the increasing attention being paid to such …
The first quarter of 2021 saw a number of noteworthy developments in the darknet community. This included the DDoS attacks targeting WhiteHouse market and the shutdown of Joker’s Stash. There have also been some interesting emerging trends concerning ransomware groups that are likely to affect the threat landscape for the rest of the year. WhiteHouse …
2020 was a year of instability around the world, and the darknet was not unaffected. COVID-19 had a large part to play in the turmoil of the cybercriminal underworld, as drug vendors had their supply chains disrupted. Delays in both international and domestic transport led to many vendors temporarily halting their operations. Beyond the pandemic, …
