{
	"id": "1524d48f-a2ae-444f-9920-86ddb987f248",
	"created_at": "2026-04-10T03:21:01.665569Z",
	"updated_at": "2026-04-10T13:12:00.84844Z",
	"deleted_at": null,
	"sha1_hash": "312b796152ab53c1a3cb0c479c1821f3a2b1edcf",
	"title": "Popular hacking forum bans ransomware ads",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 279099,
	"plain_text": "Popular hacking forum bans ransomware ads\r\nBy Catalin Cimpanu\r\nPublished: 2023-07-07 · Archived: 2026-04-10 02:12:49 UTC\r\nOne of the most popular hacking forums on the internet today announced that it would ban ransomware ads.\r\nThe XSS forum, previously known as DaMaGeLab, has been one of the two major places where ransomware\r\ngangs have advertised their services and hired partners to carry out attacks.\r\n\"Lockers (ransomware) have accumulated a critical mass of nonsense, bullshit, hype, noise,\" the site's admin said\r\ntoday in a post spotted by Recorded Future threat intelligence analyst and The Record author Dmitry Smilyanets.\r\nGoing forward, the forum said it would prohibit ads for ransomware affiliate models and the sale or rental of\r\nransomware strains.\r\nThe XSS ransomware ban comes after a ransomware gang known as Darkside encrypted the network of Colonial\r\nPipeline in an attack that shut down a major pipeline that transported fuel for around 45% of the US East Coast.\r\nThe incident shone a new light on the ransomware phenomenon, which became a daily topic in White House\r\nnational security briefings.\r\nWith most ransomware gangs operating out of Russia, and with most ransomware being advertised on Russian-speaking forums, industry experts expect US authorities to crack down on some of these threat actors and their\r\nenablers.\r\nThe tone appears to have been set by US President Joe Biden in a press conference on Monday, when he said that\r\nRussia has \"some responsibility to deal with this [phenomenon],\" before saying that he'd also bring up the topic in\r\nfuture discussions with Russian President Vladimir Putin.\r\nhttps://therecord.media/popular-hacking-forum-bans-ransomware-ads/\r\nPage 1 of 3\n\nHowever, even before those talks could take place, the message appears to have registered loud and clear. 
In a\r\nmessage today, the XSS admin team decided to avoid unwanted scrutiny, claiming that their forum's main purpose\r\nwas always \"knowledge\" and not to serve as a marketplace for criminal gangs.\r\nTheir decision might have been hastened by the fact that the Darkside ransomware gang ran an ad for its affiliate\r\nprogram on the XSS forum, together with all the major ransomware operations, such as REvil, Netwalker,\r\nGandcrab, Avaddon, and many others.\r\nRansomware ads still allowed on Exploit\r\nWith the XSS ban today, Smilyanets expects ransomware gangs to move their recruiting and advertising\r\noperations to Exploit, another major cybercrime forum on which most gangs have also been running ads like the\r\nones they ran on XSS.\r\nAt the time of writing, the Exploit team has not made any announcement regarding a ransomware ad ban.\r\nBut the XSS ransomware ban today is not unique. Cybercrime forum admins have often banned certain topics on\r\ntheir sites when they believed law enforcement might take them in their sights.\r\nFor example, in 2016, after a hacker published the source code of the Mirai DDoS botnet on HackForums, the\r\nsite's admin responded by banning DDoS-for-hire service ads a few days later, not wanting to be in the crosshairs\r\nof an FBI investigation looking into a series of Mirai DDoS attacks that crippled large parts of the internet.\r\nSimilarly, when internet pranksters started hacking into Zoom meetings and recording users in early 2020, forums\r\nlike Cracked and Nulled, where pranksters often went to organize or request Zoom bombing sessions, banned the\r\nposting of any Zoom-related content on their sites.\r\nUPDATED on May 14, 16:30pm: A day after the XSS forum banned ransomware ads, the Exploit forum followed\r\nsuit and also announced a similar decision. 
Currently, both of the two major hacking forums where ransomware\r\nads were being posted have banned these types of adverts on their sites.\r\nAnother one bites the dust - forum Exploit bans #ransomware pic.twitter.com/d4nknItz7E—\r\n(@ddd1ms) May 14, 2021\n\nCatalin Cimpanu\r\nis a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement\r\nactions against hackers.\r\nSource: https://therecord.media/popular-hacking-forum-bans-ransomware-ads/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://therecord.media/popular-hacking-forum-bans-ransomware-ads/"
	],
	"report_names": [
		"popular-hacking-forum-bans-ransomware-ads"
	],
	"threat_actors": [],
	"ts_created_at": 1775791261,
	"ts_updated_at": 1775826720,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/312b796152ab53c1a3cb0c479c1821f3a2b1edcf.pdf",
		"text": "https://archive.orkl.eu/312b796152ab53c1a3cb0c479c1821f3a2b1edcf.txt",
		"img": "https://archive.orkl.eu/312b796152ab53c1a3cb0c479c1821f3a2b1edcf.jpg"
	}
}