
Unveiling Data Leaks in Clearnet and Deepweb

The threat of data breaches has become one of the most widespread and damaging cybersecurity threats in the world today. During the past year, we have seen major breaches targeting all industries – governments, hospitals, automotive, cellular, TV, social media, retail, and software. Cyberattacks and attempts to steal and sell data are sometimes aimed at specific targets (industries, executives), while other times they’re launched on any platform or domain the hackers can gain access to.

The main sources of leaked data

In 2022, RaidForums, one of the most popular sources for data breaches, was shut down and replaced within days by a new hacking forum, BreachForums. The number of dark and deep web sources for data theft and trade is increasing. We can see it on hacker forums such as BreachForums and XSS, on marketplaces such as Russian Market and Genesis, in chat applications such as Telegram, and on paste sites such as PasteBin.

The New Ransomware Victim of LockBit 3.0: Royal Mail Group

On February 6, a SOCRadar dark web researcher found a post in which the LockBit ransomware group claimed responsibility for the cyberattack on Royal Mail, the UK’s leading mail delivery service. LockBit says that if the ransom is not paid, the data allegedly belonging to the Royal Mail Group will be leaked on February 9.

New Victim of Play Ransomware: A10 Networks

SOCRadar found a new post about A10 Networks on the website belonging to the Play Ransomware group. A10 Networks is an American public company specializing in manufacturing application delivery controllers (software and hardware). The Play Ransomware group claims to hold sensitive private and personal data, agreements, technical documents, and employee and customer documents.

Play ransomware has previously attacked many companies, including Texas-based cloud computing provider Rackspace.

Types of hidden services on the dark web

There are a wide variety of hidden services available on the dark web, and they can be used for both legal and illegal purposes. Some common types of hidden services on the dark web include:

  • Marketplaces: These are websites that allow users to buy and sell goods and services, including illegal items such as drugs, counterfeits, PII, data dumps, hacking tools and weapons.
  • Communication tools: These are websites that allow users to communicate anonymously, such as through encrypted messaging or email.
  • Whistleblowing platforms: These are websites that allow individuals to anonymously share sensitive or confidential information with the public or media.
  • Blogs and forums: These are websites that allow users to share ideas and opinions anonymously.
  • File-sharing platforms: These are websites that allow users to share files anonymously, such as through torrents.

It is important to note that accessing these hidden services on the dark web may be illegal in some countries, and engaging in illegal activity through these services can also be risky due to the potential for exposure to malicious software or other online threats. You should be cautious when accessing hidden services on the dark web and be aware of the risks involved.

AvosLocker

The AvosLocker hidden service uses AvosLocker malware, which extorts money from victims by encrypting their files and demanding a ransom to decrypt them. AvosLocker typically spreads through email attachments or by exploiting vulnerabilities in a victim’s computer.

Once a victim’s files have been encrypted, AvosLocker will display a ransom note demanding payment in exchange for the decryption key. The ransom amount is typically demanded in a cryptocurrency such as Bitcoin, and payment is often required within a certain time frame or the ransom amount will increase.

Everest Ransomware Group

The Everest Ransomware Group is a group of cybercriminals known for using the Everest Ransomware strain to attack and extort money from victims. Everest Ransomware is a type of malware that encrypts a victim’s files and demands a ransom in exchange for the decryption key.

The Everest Ransomware Group is believed to operate out of Russia and has been active since at least 2018. The group has targeted a wide range of organizations, including hospitals, schools, and small businesses. The group is known for using advanced tactics to evade detection and for demanding large ransoms from its victims.

Hive Leaks

The Hive ransomware group uses Hive malware to attack and extort money from victims. This group of cybercriminals has been active since at least 2020 and is known for using advanced tactics to evade detection and for demanding large ransoms from its victims.

The Hive ransomware attacks typically involve encrypting a victim’s files and demanding a ransom in exchange for the decryption key. The group is known for targeting a wide range of organizations, including hospitals, schools, and small businesses.
