Today I bring you a link to the Arvin Club darknet (Tor) ransomware showcase site.
Arvin Club offers ransomware leaks and leaks from breached sites.
As an example, they even offer the Clubhouse scrape data leak.
I wrote a blog post about popular ransomware group TOR (darknet) showcase sites (here).
The purpose of this entry is to add additional sites to the list (so you should check that one out first).
The recent explosion of breaches by the CL0P Ransomware gang has renewed an interest in the darkweb showcase sites used by these threat actors to prove that they have successfully broken into a company and to encourage victims to pay. Many have asked me to share some of these sites and I was always hesitant. I recently learned that some “consultants” are charging customers to provide these publicly available links, which is wrong.
Most of these are on the TOR darkweb so you will have to use a TOR browser or VPN that bridges to TOR.
There are hundreds of write-ups about the CL0P Ransomware and the gang behind it. They came back into the spotlight recently claiming to have exploited the Accellion FTA (old file transfer service) and thus customers running unpatched versions of the Accellion product.
Over the last couple of weeks, more “leaks” have come out claiming many more companies have been breached through this vulnerability and then infected with the Cl0p ransomware.
Many have asked if I knew where (on the Darknet, aka TOR network) the CL0P gang is publishing the list of infected companies. The answer is yes: http://ekbgzchl6x2ias37.onion/
Now a word of caution. We aren’t certain who created this site. We don’t know if data on the site is actual CL0P infected organizations or simply someone that found the leaks and is claiming they are infected.
My research leads me to believe that the CL0P group is behind this TOR site and that the data on it is indicative of infected organizations.
If you click on Canadian Bombardier, you get this page with some data provided as proof.
Here is a sample of the “proof” they provide for Bombardier
The moral of the story is that there are bad people out there that want to profit from the misery of others. These threat actors are getting more creative and have improved marketing skills trying to “encourage” victims to pay up.
Hire a good CISO and invest in your security program.