The Dark Web is the primary communications channel for most ransomware and malware. Bad actors will use this to both activate and collect your data. By enabling this feature you can stop communication through the Dark Web.

This will also prevent users from using Dark Web and many other tunneling and proxy servers for anonymizing outbound traffic.

The Dark Web is an anonymous network that can only be accessed by browsers such as Tor. By content alone it is larger than the standard indexable Web that we use everyday by about 50% and represents approximately 6% of all sites. In contrast, the standard Web represents approximately 4%. The remaining sites, often referred to as the Deep Web, include non-indexable content managed by private organizations such as governments, corporations and other institutions.


The purpose of the Dark Web is to enable anonymous access to content and prevent the identification of both the request and destination. This is achieved by anonymizing all transactions by routing requests through multiple servers across multiple continents before providing the content to the end user. It is commonly used for private communications and is a haven for illegal activity. There are few legitimate reasons to be using this network and it cannot be accessed from a standard web browser.

Since this network is anonymized by design, it is used by hackers to hide their true identity. Malware developed by these attackers usually includes (especially when dealing with ransomware) activation and transmission of data over this network. This includes ransom payments to the attackers, which normally consists of Bitcoin transfers (which is also anonymous).