Russian Dark Web market store and Jaff ransomware might be connected

Security researchers have recently made an unexpected discovery as they uncovered a Russian Dark Web market store evidently hosted on the same server as the infamous Jaff ransomware. Upon closer investigation, experts have traced back server’s location to St. Petersburg, Russia. The store in question is dubbed PaySell. Here, the cyber criminals trade banking credentials stolen from unsuspecting users all over the world, including the United States, Canada, Australia, New Zealand, Germany, France and a bunch of other European countries ^[1]. When we say stolen credentials, we’re talking thousands of compromised credit card numbers, email addresses and passwords, mainly collected by tracking the data submitted on such web stores like Apple, Asos, Booking, Best Buy, etc. The site itself is structured in an orderly manner, allowing the potential buyers to filter hacked accounts according to their balance, location or the owner's email address. Besides, this marketplace can be accessed quite easily via regular web engines and TOR, which means that the data featured there is virtually up for anyone to grab. The prices of unverified, low balance or partially hacked accounts may begin with a few dollars and spring up to several Bitcoins if the item of interest is verified. Typically, criminals will use the corrupted accounts to obtain Bitcoins and transfer them to their own accounts. This way the money is rendered untraceable and the criminals can’t get caught ^[2].

Such findings bring up a lot of questions, one of which being what is the role of Jaff virus in this malicious business? The basic principles of ransomware operation explain a lot. These parasites are designed to exploit the devices they infect in all ways possible. So why should they stop at data encryption? They can easily make some additional profit by piggybacking keyloggers, rootkits, and other spyware ^[3] and selling the collected data on platforms like PaySell. That is why experts always discourage users from paying ransom or disclosing any other of you personal details to the extortionists. Instead, they recommend eliminating the parasite from the infected device and recovering the encrypted data some other way. It is also crucial to beware of the different deceptive techniques cyber criminals use to phish out sensitive information. Reputable security utilities may block some phishing attempts, but it is just as important to be informed and look out for suspicious content yourself.