Securityaffairs.Co
Takedown of XSS.is Forum Disrupts Ransomware Supply Chain
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
On July 22, 2025, French and Ukrainian police arrested the alleged admin of XSS.is, a prominent Russian-language cybercrime forum, effectively shutting it down. This forum was crucial for ransomware operations, facilitating transactions and escrow services within the underground economy. The arrest of the 38-year-old man in Kyiv marks a significant blow to cybercriminal activities, although the broader ransomware market remains active. The XSS.is forum had been a key player in the distribution of ransomware tools and services, impacting numerous organizations globally. Despite this takedown, experts warn that the ransomware market continues to thrive, indicating a resilient underground ecosystem. The operation was coordinated by Europol, highlighting international collaboration in combating cybercrime. The full scope of the impact on ransomware operations is still being assessed as new forums may emerge to fill the void left by XSS.is.
Key Points: • XSS.is, a major ransomware forum, was shut down by law enforcement in July 2025. • The forum facilitated escrow services for cybercriminal transactions, impacting the ransomware economy. • Despite the takedown, the ransomware market remains active and resilient.