Sodinokibi Ransomware- Larger winnings for underground skills competitions are attracting sophisticated crime groups.
White hats aren’t alone in holding hacking contests. Russian-language cybercriminals are known for running similar competitions on underground forums. However, an analysis of Dark Web activity has uncovered a trend towards offering increasingly high-stakes prizes during such battles. At the same time, increasingly sophisticated participants are throwing their hats into the mix — notably, the operators behind the Sodinokibi (a.k.a. REvil) ransomware.
For instance, a current hacking competition on the illicit forum known as XSS offers members the chance to win a share of $15,000 in return for original articles containing proof-of-concept videos or original code, according to a Digital Shadows report, released on Thursday.
“Since its relaunch as XSS [in 2018], the former Damagelabs has organized three articles competitions, all with four- or five-figure prize funds,” the firm noted.
In the past, competitions on underground forums offered much smaller prize winnings and also focused on lighthearted challenges meant to build community, rather than hacking prowess. For instance, a 2010 competition challenged participants “to design a graphic that best represented the Russian-language segment of the internet (the ‘Runet’) to win an iPad,” according to Digital Shadows.
A more skills-based challenge emerged on the Exploit underground forum in December 2016, when a $2,000 pot was offered for the best articles on broad topics like “malware”, “phreaking” and “hacking.” The event has become an annual winter tradition, but Digital Shadows said that this year the prize levels soared.
“Fast-forward to 2019 and the competition prize fund stood at $10,000, with rules stipulating a word count and content requirements,” the research detailed.
Sodinokibi Sponsors $15K Competition
The recently bigger prizes have attracted new interest from advanced threat groups, the firm said. For instance, Sodinokibi’s operators have stepped forward to sponsor the aforementioned XSS event, which is open now for entries.