How to access Ransomware sites?

Hello again, today let’s discuss about accessing ransomware sites using TOR browser.

Every now and then, you would be seeing articles and news about new ransomware attacks and if you are active in twitter, many of them will be posting pics about the news feed of what the hackers posted on their particular ransomware sites.

But, you will also notice that none of them post “.onion” links, referring to twitter’s security policy about posting dangerous links.

But how do you find a particular “.onion” site address?

For starters, Install TOR browser. If you don’t know what “TOR” is, it is a dark search engine with “.onion” sites which by accessing you will be directed towards various nefarious websites such as hiring hitmans, hackers for hire, and every illegal activity you could think of.

But there’s a catch. How will you find if the websites are legitimate or not, whether it is a site set up by FBI, CIA, Interpol or any other alphabet agencies to filter out domestic terrorists, disrupt drug activities and so on. That’s the reason people will never recommend installing TOR browser.

As a great man once said, “With great power comes great responsibility”.

Anyway, since we are discussing about ransomware addresses, below is the list of famous ransomware sites.

RANSOMWARE SITES:

• http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion
  (REVIL RANSOMWARE)
• http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion/
  ((LOCKBIT 2.0))
• http://nbzzb6sa6xuura2z.onion/
  (SUNCRYPT)
• http://ekbgzchl6x2ias37.onion/ (CLOP)//V2 LINK(SUPPORT IS ENDING)////
  http://santat7kpllt6iyvqbr7q4amdv6dzrh6paatvyrzl7ry3zm72zigf4ad.onion/ (CLOP(V3))
• http://dnpscnbaix6nkwvystl3yxglz7nteicqrou3t75tpcc5532cztc46qyd.onion/ (CORPORATE LEAKS)
• http://hxt254aygrsziejn.onion/ (Nifilim ransomware)
• http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/
  (RYUK RANSOMWARE || CONTI_NEWS/RYUK)
• http://continewsnv5otx5kaoje7krkto2qbu3gtqef22mnr7eaxw3y6ncz3ad.onion/ (CONTI/RYUK NEWS)
• http://lorenzmlwpzgxq736jzseuterytjueszsvznuibanxomlpkyxk6ksoyd.onion/ ( LORENZ RANSOMWARE)
• http://rbvuetuneohce3ouxjlbxtimyyxokb4btncxjbo44fbgxqy7tskinwad.onion/ (LV BLOG RANSOMWARE)
• http://pay2key2zkg7arp3kv3cuugdaqwuesifnbofun4j6yjdw5ry7zw2asid.onion/ (PAY2KEY-LEAK DIRECTORY! )
• http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion/ (PYSA RANSOMWARE)
• http://rgleaktxuey67yrgspmhvtnrqtgogur35lwdrup4d3igtbm3pupc4lyd.onion/ ( RAGNAR_LOCKER RANSOMWARE)
• http://rnsm777cdsjrsdlbs4v5qoeppu3px6sb2igmh53jzrx7ipcrbjz5b2ad.onion/ ( RANSOMEXX RANSOMWARE )
• http://xingnewj6m4qytljhfwemngm7r7rogrindbq7wrfeepejgxc3bwci7qd.onion/ ( XING TEAM RANSOMWARE )
• http://cuba4mp6ximo2zlo.onion/ (( CUBA RANSOMWARE ))
• http://blackmax7su6mbwtcyo3xwtpfxpm356jjqrs34y4crcytpw7mifuedyd.onion/ (BLACKMATTER RANSOMWARE)
• http://3kp6j22pz3zkv76yutctosa6djpj4yib2icvdqxucdaxxedumhqicpad.onion/ (ARVIN CLUB RANSOMWARE )
• http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion/list.html (ATOM SILO RANSOMWARE)
• http://avosqxh72b5ia23dl5fgwcpndkctuzqvh2iefk5imp3pi5gfhel5klad.onion/ (AVOSLOCKER RANSOMWARE)
• http://f5uzduboq4fa2xkjloprmctk7ve3dm46ff7aniis66cbekakvksxgeqd.onion/ (BLACKBYTE RANSOMWARE)
• http://bonacifryrxr4siz6ptvokuihdzmjzpveruklxumflz5thmkgauty2qd.onion/ (BONACI GROUP)
• http://griefcameifmv4hfr3auozmovz5yi6m3h3dwbuqw7baomfxoxz4qteid.onion/ (GRIEF RANSOMWARE)
• http://ws3dh6av66sjbxxkjpw5ao3wqzmtejnkzheswm4dz5rrwvular7xvkqd.onion/ (GROOVE RANSOMWARE)
• http://hiveleakdbtnp76ulyhi52eag6c6tyc3xw7ez7iqy6wc34gd2nekazyd.onion/ (HIVE RANSOMWARE)
• http://wm6mbuzipviusuc42kcggzkdpbhuv45sn7olyamy6mcqqked3waslbqd.onion/ (LOCK DATA AUCTION)
• http://spookuhvfyxzph54ikjfwf2mwmxt572krpom7reyayrmxbkizbvkpaid.onion/blog/ (SPOOK RANSOMWARE)
• http://ransomocmou6mnbquqz44ewosbkjk3o5qjsl3orawojexfook2j7esad.onion/ (EVEREST RANSOMWARE)
• http://4hzyuotli6maqa4u.onion/ (VICE SOCIETY)

If you need to search a new ransomware group .onion addresses, below search engine can be helpful for you called as “Ahmia Search Engine”. The link is given below:

• http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion (AHMIA SEARCH ENGINE)

Apart from the search engine, below is a site which collects all the ransomware addresses. So, instead of browsing every link I just gave you, just go this site, and you can find list of “.onion” ransomware sites.

• http://ransomwr3tsydeii4q43vazm7wofla5ujdajquitomtd47cxjtfgwyyd.onion/ (RANSOMWARE GROUP SITES)

NOTE: Some links might be in russian or a language that you may not understand, just download google translate browser extensions and load the site again.

Goodbye… We will meet again.