DarkSide Hits Toshiba; XSS Forum Bans Ransomware

2021-05-17 16:23

For a ransomware gang whose servers were purportedly commandeered last week, DarkSide has had a server-fueled weekend, with a reported hit on Toshiba Business.

Late on Thursday night came a post to the "Exploit" underground forum that looked, at least, to be from DarkSide.

It's not the only one coming up with new rules: according to Flashpoint researchers, the Russian-language cybercriminal forum XSS has also announced that it was outlawing all ransomware activities, including ransomware affiliate programs, ransomware for rent, and sale of ransomware software.

The XSS admin reportedly said that the ransomware expulsion is partially based on ideological differences between the forum and ransomware operators.

The attention from high-profile incidents such as the pipeline attack is also quite unwelcome, the admin said, having resulted in a "Critical mass of nonsense, hype and noise." Ransomware collectives and their accompanying attacks are generating "Too much PR," the XSS admin said, and are heightening the geopolitical and law-enforcement risks to a "Hazard[ous] level."

A Toshiba spokesperson has indicated that the company suffered that ransomware attack on May 4, just three days before the Colonial Pipeline one."

News URL

https://threatpost.com/darkside-toshiba-xss-bans-ransomware/166210/

#ransomware #toshiba #XSS