Aug 10, 2022 12:15:37 PM | 2 Min Read

Techniques for Uncovering Anonymous Ransomware Sites on the Dark Web

Posted By
Techniques for Uncovering Anonymous Ransomware Sites on the Dark Web

Ransomware actors have taken multiple measures to hide their real identity online along with the hosting location of their web server infrastructure.

Operational Security Missteps

The majority of ransomware operators use an out of country hosting provider to host their ransomware operations sites.  Additionally, the use of VPS hop-points, TOR network, and DNS proxy registration services are used as an extra layer of protection to keep their identity anonymous. 

Cybersecurity firms can take advantage of the threat's operational security missteps to identify their hidden identity.  They are able to identify TOR hidden services hosted on public IP addresses.

Checking the favicons 

Favicons are the icons that show up in your browser window next to the web address.  It is often the logo that is associated with your brand.  Similarly, the sites on the darknet have favicons or logos that are associated with their sites.  It is one of the key identifiers for cybersecurity firms looking to catch criminals.

Through the use of web crawlers, cybersecurity firms check the favicons associated with the darknet websites against public internet.  This method is used to uncover the threat's clear web infrastructures.  The criminals' leak sites accessible for any user on the internet along with other infrastructure components are left exposed, which makes it possible to obtain the login locations that are used to administer the ransomware servers.

Now more than ever, cybersecurity firms are looking for employees to help combat these criminals.  If you are interested in this field, take a look at our job openings to see if one is a right fit for you!

endevis has evolved into a national talent & workforce solutions provider with offices throughout the nation. With a focus on healthcare, engineering, and IT staffing, the organization has won a handful of awards across its Professional Direct Placement, Professional Contract Staffing, and Recruitment Process Outsourcing Solutions. For more information, please email

Topics: Career Insight, Workforce, Cybersecurity

Related Posts

3 Cybersecurity Hiring Trends for 2023

The Cybersecurity field is still growing. According to the U.S. Bureau of Labor Statistics, the...

Read More

Seasonal Employees - What to Look for in the Tennessee Job Market

Tis the Season for holiday employees. What's the scoop in middle TN for the job market? The...

Read More

Tips for Sourcing the Best Cybersecurity Talent

The cybersecurity industry has the same hiring problems as other industries. Open jobs have...

Read More