Takedown of XSS.is Forum Disrupts Ransomware Supply Chain

Takedown of XSS.is Forum Disrupts Ransomware Supply Chain

First seen 30 Jun 2026, 23:40 UTC DatabreachesSecurityaffairs.Co 76% similarity 53.0
Share:

Article Content

Browse articles
ThreatCluster

On July 22, 2025, French and Ukrainian police arrested the alleged admin of XSS.is, a prominent Russian-language cybercrime forum, effectively shutting it down. This forum was crucial for ransomware operations, facilitating transactions and escrow services within the underground economy. The arrest of the 38-year-old man in Kyiv marks a significant blow to cybercriminal activities, although the broader ransomware market remains active. The XSS.is forum had been a key player in the distribution of ransomware tools and services, impacting numerous organizations globally. Despite this takedown, experts warn that the ransomware market continues to thrive, indicating a resilient underground ecosystem. The operation was coordinated by Europol, highlighting international collaboration in combating cybercrime. The full scope of the impact on ransomware operations is still being assessed as new forums may emerge to fill the void left by XSS.is.

Key Points: • XSS.is, a major ransomware forum, was shut down by law enforcement in July 2025. • The forum facilitated escrow services for cybercriminal transactions, impacting the ransomware economy. • Despite the takedown, the ransomware market remains active and resilient.

ThreatCluster AI

Timeline

2025-07-22
Arrest of XSS.is admin
French and Ukrainian police arrested a 38-year-old man in Kyiv, shutting down the influential XSS.is forum.
Securityaffairs.Co
2025-07-22
XSS.is forum shut down
The takedown of XSS.is disrupts a key player in the ransomware supply chain, affecting numerous cybercriminal operations.
Databreaches

Community

Browse all →