vx-underground – Telegram
The largest collection of malware source, samples, and papers on the internet.

Password: infected

https://vx-underground.org/
People are asking how the OSINT nerds found the guy that drained the cancer bro.

Well, it's very shrimple

The shitty malware sent all the stolen data to a Telegram the scammers made.

We connected to the Telegram channel using the same credentials that were inside of the shitty malware

Inside the channel was the scammer(s)

We got their Telegram IDs

OSINT nerds used their Telegram IDs to see if they were in any other public facing chatrooms.

One of the scammers in there was in several fraud chatrooms. He advertised looking for a video game programmer to make a basic 2D game. He also advertised needing help with some malware stuff.

In a different chatroom he talked about how much he likes skateboarding.

In a different channel he shared his Instagram and was sharing photos of himself next to expensive cars

Then, OSINT nerds looked at his Instagram which had a LinkTree. His LinkTree linked to literally everything about the guy including his YouTube, PayPal, Kick, Twitter, etc.

So either he is a master of disguise, and ran a year long detrace campaign to throw off OSINT nerds in the event he's caught scamming

Or alternatively, he wasn't aware public Telegram chatrooms are public and could be searched easily.
I honestly expected to just reverse engineer this shitty ass fuckin Block Blaster drainer bullshit and go on about my day

The past 2 days have been fucking insane with victims coming forward, people being extorted and threatened, all sorts of shit

What the fuck is crypto bro
I was in some weird ass chat with drainers arguing and going schizo on each other. Seeing people dox and threaten violence on others

I have no fucking idea wtf is going on dawg I just like malware and cats wtf am I doing here bro
I received a message today from an ex-affiliate of Lockbit ransomware group who is currently on FBI's Most Wanted.

He told me he thought it was disgusting someone would cryptodrain a cancer patient.

dawg this guy ransomed elementary schools. even he thought it was too low😭
this guy extorted elementary schools, governments, businesses (large, medium, small), even shit like police stations

bro said, "wtf why he rob a cancer patient?" 😭😭
I forgot there is a huge chunk of people who aren't in information security and missed the entire VXUG TMZ era where we met people from FBI Most Wanted, the Taliban, got electronics from North Korea, and got sent cat pictures from the FBI

2022 - 2023 VXUG was crazy
Image 1. Sending FBI Lockbit rewards a cat picture on Telegram. It is designated for anonymous tips.

Image 2. Tablet from North Korea received

Image 3. Autograph from Mikhail Matveev
Bad news for docker torrent nerds today.

Hotio docker container thingy for Linux torrent stuff was poisoned and contains an XMR miner (XMRig). One of the developers memed intentionally poisoning it last year (???)

Chat, what is going on?

https://apogliaghi.com/2025/09/crypto-miner-in-hotio/qbittorrent/
Weird thing to say on Discord. Hopefully it was just a meme and bro wasn't really scheming to XMRig tons of people
Day in the life of working at vx-underground:

> Wake up
> Take a shit
> Get out of bed
> Scroll MISP looking at malware
> Download malware
> Skim some papers
> Skim DMs (cat pictures and stuff)
> Scroll MISP looking at malware
> Spam cat pictures randomly
> Go eepies
vx-underground
I received a message today from an ex-affiliate of Lockbit ransomware group who is currently on FBI's Most Wanted. He told me he thought it was disgusting someone would cryptodrain a cancer patient. dawg this guy ransomed elementary schools. even he thought…
There appears to be some confusion about this post and how groups such as Lockbit operate.

Lockbit offers a "service" of ransomware. He gives you a pretty panel, some tools for making ransomware (his), a chatroom to harass victims and bully them, etc.

In exchange for him providing this service he takes a cut of any money you receive from ransoming companies.

Lockbit ransomware group did ransom hospitals. However, it was not "Lockbit" the "service" provider. Rather, it was someone who used his service.

The people who use this service are called "affiliates".

At Lockbit's peak they had over 100 affiliates. Some affiliates did ransom hospitals. This particular affiliate who messaged me, who is FBI Most Wanted, believed it was unethical to ransom healthcare because it could potentially endanger someone's life. Although, he was still a criminal and harassed, bullied, and extorted companies of all sizes including public schools. One time he ransomed a car wash. He didn't care.

Anyway

Lockbit themselves (the "service" provider) allowed affiliates to ransom hospitals because ... they didn't really care. Lockbit (the service provider) approved of schools, churches, non profits, hospitals, doctors, government agencies, etc. to all be victims of ransomware. He didn't really exclude anything. Nothing was off limits.

Lockbit (the service provider) made an estimated $1,000,000,000 from their crimes by providing this service and facilitating ransomware all across the planet.

One administrator resides in Russia. The other (ex administrator) was located in Israel. However, he was arrested and deported to the United States some time ago when the FBI found him.
Yesterday someone was being very silly and defaced Nintendo's topics page. Nintendo has restored the deface.

No data was stolen.

Archive: https://archive.ph/n5Lgp
me getting on the computer when someone needs pictures of cats
> 2 day ago
> collins aerospace hit by ransomware
> 5hrs ago
> "hardbit ransomware" did it
> 1hr ago
> nca arrests hacker for collins aerospace attack

wtf
tldr ransomware arrest speedrun attempt

p fast at being busted, doesnt top gta extortion guy tho. bro got caught in like, 12hrs. thats an all time record. hard to beat that
Wtf the guy they arrested for the ransomware attack against Collins aerospace thingy was in his 40s

He's gonna be charged as a terrorist.

What was he thinkin