The Dark Web Knight Rises? The Anti Ransomware Batman

Is there an anti ransomware batman out there?

Remember how we predicted in 2017 that with law enforcement unable to do anything about ransomware, vigilantes would rise up to fill the void?

Well, it’s already happened. Just two days ago, cyber-vigilantes took down 10,000 underground websites on the Dark Web. Many of these sites were black markets for weapons, drugs, illegal pornography, and downloading ransomware.

With the mass take down, over 100 Bitcoin scams, 1000+ carding and counterfeit sites, and multiple Bitcoin escrow and wallet sites have also been terminated.

For a list of our other predictions for 2017, here’s our article. To hear more about the landmark Dark Web hacking, read on.

What is the Dark Web? A Quick Primer

The easiest way to explain the Dark Web is to imagine the internet as an iceberg. There’s three distinct parts to it:

How the Dark Web works.

The Surface Web- This is the net you can easily access with Google, Bing, or Wikipedia. Pretty much anything you can access with Surface Web crawlers.

The Deep Web- This is 90% of the web, the stuff below the surface. These can’t be accessed directly by a search engine, but you can still get there if you can leap through the right hoops. Financial records, government resources, legal documents, academic information, etc. Your online banking account would be in the Deep Web.

The Dark Web- These pages and files can only be accessed through certain browsers, such as Tor, to ensure anonymity. There’s ‘legitimate’ activities here, such as protecting political and social activist’s activities from repressive governments, and very not laudable ones, such as black markets and criminal enterprises. Basically, the Dark Web is full of people who want to do things anonymously and free from repercussion.

Almost all the sites on the Dark Web hide their identity via encryption. On top of that, users access the Dark Web by using browsers that ‘spoof’ their address, bouncing it off another location in the globe so their IP is hard to trace back. Many users do this several times, making it near impossible for the user to be tracked accessing illegal material.

The Dark Web Hack: Freedom Hosting II Taken Offline

The Tor Browser is used to view the Dark Web.
Like an Onion: Most Dark Web users use the Tor Browser to view it.

The hosting site taken down was Freedom Hosting II, the single largest host of underground websites in the Dark Web.  Freedom Hosting II hosts between 15 and 20 percent of all sites on the Dark Web, severely crippling it.

At first, the hackers seemed to have financial motives for the takedown. They originally demanded a ransom for just 0.1 Bitcoin (just over $100 US). In exchange, they would return the compromised data to the hosting service. A normal ransomware attack with a very small financial demand.

Pandora’s Box: The Hackers Didn’t Like What They Found

Dark Web hackers engage in anti ransomware actions.
Too Dark Even for the Dark Web: The Hackers didn’t like what they found when they hacked FHII.

Upon hacking Freedom Hosting II, the infiltrators said they found more than 50 percent of the files were related to illegal pornography, the kind strictly banned even by the Dark Web’s site’s standards. These sites were also using gigabites of data, while Freedom Hosting II officially allows no more than 256MB per site.

In an interview with Motherboard, an Anonymous hacker who claimed responsibility said they never intended to take down the hosting provider, but once they discovered what the site was being used for, they changed their mind.

As well as taking down the hosted site, they downloaded 74GB of files and a user database dump of 2.3GB. This database includes the email details of nearly 381,000 Dark Web users.

Strangely enough, after using their tools to remove the host from the Dark Web, the hackers then provided the site dump for download to the public—freely providing them with the files they just took offline.

Bad News for Dark Web Users, Good News for Law Enforcement?

FBI aiming for anti ransomware activity.
Reach of the Law: Law Enforcement Agencies have struggled to deal with the anonymity and global scale of the Dark Web.

Whether users were using the service for laudable or contemptible means, you can’t imagine either are impressed with having their user info leaked freely. At the same time, law enforcement agencies are probably having a field day, having access to details they would have struggled to obtain themselves.

While Anonymous claimed responsibility for the hack, it’s impossible to determine if they were actually associated with them. But respected cybersecurity researchers said asking for a ransomware payment is uncharacteristic of confirmed Anonymous operatives.

The Dark Web: A Breeding Ground for Malware Makers

Over the last two years, the Dark Web has been a place where ransomware makers can direct victims to pay their ransom demands in untraceable bitcoins. It’s also a place where they can sell their ransomware tools to would-be criminals at cost (Ransomware-as-a-Service). This means all a cyber-criminal needs to run a scam is upfront cash.

With law enforcement agencies struggling to deal with ransomware scams, and the number and scale of ransomware attacks on the rise, we predicted vigilantes would rise up to take the fight to them in 2017. While this hack wasn’t specifically motivated by anti-ransomware sentiment—in fact, it may have been the opposite—the year is still early.

The Only Sure Way To Protect Yourself from Ransomware: Backup Your Data!

The best anti ransomware tactic is using backups.
Anti Ransomware 101: The best strategy against ransomware is still backup software, with a dash of antivirus.

Ransomware is smart enough to slip past most antivirus software and infect your computer or server. And most anti ransomware tools currently on the market rely on signature based recognition, meaning if you’re infected with a new virus, they won’t necessarily defend you.

The only real security you have for your data is good backup software and a solid backup scheme. That way, even if your computer or server is struck with ransomware, you can wipe the whole thing,  perform a bare metal recovery—and avoid paying a business-crippling ransom.

If you’re running a Windows OS, BackupAssist is the best choice for you. Not only is it the top ranked backup and disaster recovery software for Windows servers, it’s incredibly affordable for small to medium businesses. You can download the free trial here.

If you’re running another sort of OS, here’s a handy market guide to see what fits your system needs.

Share on email
Share on print
Share on facebook
Share on google
Share on twitter
Share on linkedin



Start your free 30-day trial today