Two new ransomware communities emerge in RAMP as one closes. Following the seizure of infrastructure connected to the infamous RAMP cybercrime forum by US authorities last month, Rapid7 released an analysis of that ransomware ecosystem today. Ransomware-as-a-service (RaaS) affiliates have long been acquired through RAMP, but the FBI-led interagency sting on January 28 forced many cybercrime groups to find new ways to market their products.
In this week's blog post, Alexandra Blia and Efi Sherman of Rapid7 pointed out two possible forums where attackers could next target. Samani tells ZeroOwl that this recent forum activity also demonstrates how financial incentives will outweigh any need to hide, even as RAMP's seizure damages trust within the cybercrime community.
Related: Cyber Experts Still Don't Know Everything About the Enigma Cipher Device "We have seen this play out so many times before," he claims. For instance, within a month of the first version of BreachForums and XSS being shut down, a new one appeared. In other words, this illustrates a substantial economy in which threat actors do not perceive the risk because of the perceived anonymity offered by these forums' online format.
