"Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web"

Researchers have released details on the steps ransomware actors have taken to conceal their true identity online, as well as the location of their web server infrastructure. According to Cisco Talos researcher Paul Eubanks, most ransomware operators host their ransomware operations sites in countries other than their own, such as Sweden, Germany, and Singapore. When they connect to their ransomware web infrastructure for remote administration tasks, they use Virtual Private Server (VPS) hop-points as proxies to hide their true location. They also prominently use the TOR network and DNS proxy registration services to add a further layer of anonymity to their illegal operations. However, the cybersecurity firm revealed that, by taking advantage of the threat actors' operational security missteps and other techniques, it was able to identify TOR hidden services hosted on public IP addresses, some of which were previously unknown infrastructure associated with the DarkAngels, Snatch, Quantum, and Nokoyawa ransomware groups. This article continues to discuss how the researchers found anonymized ransomware sites on the dark web.

THN reports "Researchers Share Techniques to Uncover Anonymized Ransomware Sites on Dark Web"
