An eBay for Extortion on the Dark Web

It came from the cloud: software as a disservice

A hacker in his office, from Wikipedia.

A hacker in his office, from Wikipedia. (Photo: Brian Katt / Wikimedia)

This afternoon I was cutting and pasting the same e-mail to different people, each opened with the following: “Hey, sorry if this is kind of a bummer email, but I’m doing a story on this new crimeware site called Ran$umbin and you’re dox’ed on there right now.” I sent off a dozen or so depressing messages like that. Toward the end, I had the idea to send each person a screenshot of their data on the site, which can only be visited using the anonymizing TOR browser.

None of the victims got back to me, except one who called me just to confirm that they had gotten a friendly email saying that their information was posted somewhere on the dark web, but they had never looked. I got a thank you for shedding a little light on it, but this particular victim didn’t much care.

Every entrepreneur gets his or her start by identifying some problem and setting out to solve it. We can only guess at what that moment must have looked like for the folks behind Ran$umbin. In short, the site serves as an intermediary between hackers and the people they have screwed.  When a malicious keyboard jockey breaches a person or company’s security, he or she asks Ran$umbin to contact the person and tells them how much money they need to pay in bitcoin to get out of it. Once it’s paid, Ran$umbin ends the mini-nightmare on behalf of their attacker.

Ran$umbin currently assists with two disservices: A hacker can either lock up someone’s CPU or server with ransomware (software that encrypts everything so no one can use it until the attacker sends a key and releases it) or they can dox someone (post all their personal information online). On the bright side, hackers of this sort are known for good customer services.

“I think this criminal venture is pretty creative.” Nitsan Saddan of Cymmetria told the Observer in a phone call. “Since they don’t do any of the extortion themselves, they are less likely to get caught. These are enablers.”  Via a spokesperson, Cymmetria flagged this new dark web site for the Observer. The company creates enterprise level security systems that trap adversaries inside phony networks set up to entrap digital trespassers. He wrote more about it on the company’s blog.

We are only guessing, but we surmise that before starting the site, the creators of Ran$umbin were either doxing people or hitting them with ransomware and they realized that getting in touch with victims endangered them.

“They want zero communication with the victim,” Mr. Saddan explained.

Realizing that other attackers probably worried about the same thing, they decided to place themselves in the middle, not committing crime, but abetting it.

Ransomware has gotten bigger and more sophisticated in recent years. That said, the site doesn’t look very busy yet. It’s impossible to see how many ransomware cases they might be serving, but it currently has 16 total people doxed on the site. Many of the people’s information went up sometime in February. The most recent victim went up on April 23, according to the data posted there.

The judge who heard Silk Road founder, Ross Ulbricht’s, case in Brooklyn federal court, Katherine B. Forrest, has had information posted on the site since February. This is not the first time the judge has been hit in this way. Her office would not respond to a request for comment.

The Observer has previously covered ransomware at length. The best strategies for avoiding ransomware include employee training and backing up data in a place hackers won’t be able to reach.

At this point, the best way to make sure you won’t be doxed is to quit participating in the internet, but using end-to-end security won’t hurt, though.

The service’s email is provided by another dark web service provider, Sigaint. Its .onion site says that its only rules are against harming people, threatening people and spamming. The people who run the email system did not respond to the Observer’s request for comment about whether or not they thought handling extortion requests for hackers counted as harm. According to Ran$umbin’s FAQ, it also works with a third party bitcoin mixer who manages the money it pays out in order to foster greater anonymity. It also sometimes posts its updates on Twitter. So a cloud-based ecosystem of crime is coming together.

We reached out to Ran$umbin for comment, but the operators did not get back to us. There’s a bit of language appended to their policy forbidding refunds or discounts on the site’s payment page that applies just as well here: “Given the nature of this site you’d think that would be obvious.”

An eBay for Extortion on the Dark Web