The FBI, in combination with police around the world, have taken control of the website and Telegram channel of ransomware brokerage site BreachForums.

The action occurred on Wednesday, just days after the site hosted information apparently stolen from Europol's databases and marks the latest action against the pernicious site. Despite numerous takedowns of the site's operators it kept popping back up and now the cops have taken control of the site - for the time being.

“This website has been taken down by the FBI and DOJ with assistance from international partners,” the site now reads. “We are reviewing the site's backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us.”

The operation was carried out by Five Eyes nations, as well as police from Switzerland, Iceland and Ukraine.

BreachForums has been a constant thorn in the side of police for a while now and there have been some successes. Its former admin Conor Brian Fitzpatrick - aka "Pompourin" was sentenced to 20 years of supervised release in January after his arrest earlier that month, but the site popped up again to act as a broker for stolen data.

BreachForums took over from the previously taken down RaidForums website, which was shuttered in 2022 after another combined police operation. Both sites traded in stolen information and were pivotal to so-called double extortion attacks, where data is not only encrypted for ransom but also stolen and used to threaten victims with exposure if they didn't pay up.

"From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services," the FBI's IC3 website says, and includes a for victims to add information to hunt for the perpetrators.

No doubt other forums of this kind will spring up but the takeover is a major blow to those who seek to extort folks using their own data. It's a multi-billion dollar industry now and there's no sign of a technical fix or a loss of motivation among the criminal set. ®

https://www.theregister.com//2024/05/15/fbi_breachforums_ransomware/