Don't glamorize cybercrims, roast them instead - The Register

Interview: Cybercrime crews have become almost mystical entities, with security vendors assigning them names like Wizard Spider and Velvet Tempest.

They hide out in hidden corners of the dark web, often accompanied by a clearnet leak site, leading some infosec folks to talk about these miscreants as if they are invincible. But not everyone is on board with this trend.

Former CISA boss Jen Easterly and others have called on the industry to stop glamorizing these groups and instead give them horrible names like "Scrawny Nuisance" or "Evil Ferret."

During an interview with The Register at the RSA Conference, Trellix VP of threat intel John Fokker said he's sick of it, too.

"I'm trying to spark a debate or a healthy conversation about what we can do as an industry," he said. "Everybody's glorifying threat actors, and that's not helping our customers or organizations. These are just individuals, they just use computers, and they just want to steal your data and make money. They're not mythical. They don't have superpowers."

So his team at threat detection and response firm Trellix decided to take an almost psyops approach to covering the criminal underground. "We don't want to glorify them, what's the opposite we can do? We're going to roast them."

And thus, the Dark Web Roast was born. It's a regular blog, complete with memes, mockery, and a Ricky Gervais "they're just jokes"-inspired disclaimer: "While these incidents are genuinely amusing, they represent real criminal activities causing significant harm. This content is for threat intelligence and educational purposes only."

The most recent edition features a ransomware gang that bulk-drafted and scheduled their extortion attempts like a content calendar. "Considering the sheer numbing volume of their posts, it's a solid bet that their victims are probably just fake sites they spun up themselves for content, because nothing screams legitimacy like inflating your stats with phantom compromises," the researchers wrote.

There's also an exploit developer named cortana9000 who found a Cisco remote code execution bug (CVE-2026-20045) under active exploitation by government-backed goons and asked on a forum, "so how much is this worth?" then listed it on another forum for 70,000.

A fellow forum member, KlopInko, swooped in with the devastating one-liner, "since it's known, it's a 1day exploit," essentially telling cortana9000 that his 70K payday had already started depreciating the moment he opened his mouth, according to the roast.

There's also a crim using the handle patagon on DarkForums who tried to sell full domain admin access to Russia's energy grid for less than a used car, undervaluing their apparent find by many orders of magnitude.

Fokker points to the LockBit infrastructure seizure and dismantling, led by the UK's National Crime Agency (NCA), as the beginning of a deliberate change in law enforcement's response toward cybercriminals. In that case, the cops trolled the notorious ransomware gang via its own website before ultimately unveiling LockBitSupp's true identity.

Taking down groups' infrastructure isn't enough because they can simply spin up new servers and domains, which, we should point out, LockBit did. Then it becomes a game of whack-a-mole.

"Criminals say, 'OK, I can play this game all day long.' So that doesn't really work," Fokker said. But public mockery, as with LockBit, and infiltration, like the FBI did with Hive's ransomware network, can fracture trust among cyberthieves. And this fragmentation can help defenders dismantle criminal operations and keep people and data safe.

"In the criminal underground, it's more network-based and individual-based," Fokker said. Ransomware crews work with initial access brokers or exploit developers to break into victims' networks, and they have developers who are writing malware and affiliates carrying out the attacks.

"This also creates dependencies," Fokker said. "You have groups that were in the partnership with the ransomware group, and they were breaking into, or they were stealing data, and then you have exit scams, or the decryptor didn't work, and that causes cracks in the business model."

Trellix assisted international cops in the long-running Operation Endgame, and during the November 2025 Rhadamanthys infostealer takedown, officials released a smug animated video hinting at intelligence gathered during the operation and designed to undermine trust within criminal organizations.

The video shows an administrator skimming the most valuable secrets and cryptocurrency keys for personal gain while passing only less lucrative data to customers. Trellix learned about this incident during a briefing with Dutch police.

"They said to us, 'We found out that this admin is also stealing from his own customers,'" Fokker remembers. After the Europol press release came out, Trellix unleashed the snark in a Dark Web Roast.

"We basically said you're stupid if you work with him because he's just getting rich, and we just make fun of him," Fokker said. "We don't know if the impact was measurable, but still, we had an opportunity to run with that story and make a complete fool out of this admin. So that's something."