A second Russian-language hacking forum bans ransomware-related ads, and the first claim is filed against DarkSide

Earlier today, this site reported that XSS forum had banned any ransomware-related ads and would be deleting threads and posts.

Hours later, Exploit.in followed suit.

Exploit bans all ransomware affiliate programs

Good day,

We are glad to see pentesters, specialists, coders.

But they are not happy with lockers, they attract a lot of attention. The very type of activity is not pleasant to us in view of the fact that everything is located in a row, we do not consider it advisable to be present on our forum, partner programs of lockers.

It was decided to remove all affiliate programs and prohibit them as a type of activity on our forum.

All topics related to lockers will be deleted.

While the reaction to the announcement was somewhat mixed and generated more heat than the discussion on XSS after it issued its announcement, one supporter of the Exploit.in announcement was DarkSide, who endorsed it as the “correct solution.”

DarkSupp on Exploit.in

“UNKN” of REvil also participated in the reactions to the announcement, claiming “we will not hide – we are delighted. We receive the ads of all closed partners.”

First Affiliate Claim Filed Against DarkSide

Some have suggested that DarkSide might be engaging in an exit scam or may run to ground, hiding in fear. This blogger expected them to put their heads down and get to work — but not to run and hide.  It came as no surprise to find that DarkSupp was visibly present on both Russian-language forums today.

And today, on XSS.is, the first claim for reimbursement from them was posted.  A user, “qwerty1” who created a new account “for my own safety,” submitted a claim to the admin., under the rules of the forum.

Claim Against Darksupp

The claim did not include the name of the target or victim, or the amount of ransom paid or claimed amount due, but summarized the situation:

…I am a pentester and worked with the DarkSide affiliate network, the other day a company network was installed which paid in the amount of N btc, under the terms of the PP DarkSide 80% of the ransom in my direction. After payment, the support reported that they did not have access to the server where the payment was hosted, and after that the PP announced it was closed. As a result, the target paid, but I did not receive my share, please pay my share in the amount of N1.

The amounts are indicated personally to the admin.
Black is needed to pay out funds from the deposit, the PP is not against covering the funds from the deposit and regrets the situation served.

The claimant correctly noted that DarkSide was not opposed to covering the claim from the funds on deposit with the forum. As part of its notice to affiliates,  DarkSide had informed them that:

The following actions will be taken to solve the current issue: You will be given decryption tools for all the companies that haven’t paid yet.

After that, you will be free to communicate with them wherever you want in any way you want. Contact the support service. We will withdraw the deposit to resolve the issues with all the affected users.

The approximate date of compensation is May 23 (due to the fact that the deposit is to be put on hold for 10 days on XSS).

In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck.

DarkSide had deposited 23 BTC with XSS.is in November, 2020, and was online in XSS.is after the first claim was posted.

Update: Early this morning, the admin posted a reminder of the forum rules.

XSS Forum Rules on Claims

The defendant had a substantial deposit.

Let me remind you that our rules are :

return to the victims occurs from the balance, dividing proportionally between the victims in a% ratio.

Consideration of the return process takes place directly in black, within 7 days .

We begin the procedure for paying compensation from the PP deposit. I ask you to write here and inform if someone else has a claim against the defendant.

This post was updated post-publication to include the XSS admin’s reminder of rules. Previous comments about whether DarkSide could theoretically just remove their deposit and pull an exit scam have been removed since it it does not sound like they could (even though this site had stated that they did not expect them to try an exit scam).

About the author: Dissent

Comments are closed.