Multiple associates have protested about not being charged for past services since the DarkSide ransomware operation was shut down a week ago, and have filed a petition for bitcoins in escrow on a hacker forum. Escrow systems are popular in Russian-language cybercriminal cultures to prevent scams between sellers and buyers. The deposit is a direct message from ransomware operations that they mean business.
DarkSide is a ransomware vulnerability that has been active since at least August 2020, when it was used in a cyberattack against the Colonial Pipeline in Georgia, causing a significant fuel supply disruption along the US East Coast. The malware is distributed as a service to various cybercriminals through an affiliate scheme and, like other well-known ransomware threats, uses double extortion, combining file encryption with data theft, and is installed on compromised networks through manual hacking techniques.
DarkSide deposited 22 bitcoins on the famous hacker forum XSS to gain the confidence of potential partners and expand the operation. The wallet is administered by the site’s administrator, who also serves as a guarantor for the gang and an arbitrator in the event of a dispute.
Many analysts believe the group used an escape scam to retain the ransom money they received from their network of affiliates. DarkSide operators, on the other hand, claim to have halted operations as a result of US government pressure following the assault on the Colonial Pipeline.
Last year, the REvil ransomware deposited $1 million in Bitcoin to a separate hacking website in order to recruit new members. This action demonstrated that they trusted the forum administrator with the money and that there was plenty to be made.
Researchers discovered a series of allegations made by members of a hacking forum who claimed to have played various roles in the DarkSide ransomware gang’s operations. Some associates assisted in the pentesting of threats or organizational breaches. According to Elliptic, a blockchain research company, the Darkside ransomware gang has received over $90 million in ransom payments from its victims since October 2020.
“In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets.” reads the report published by the Elliptic. “According to DarkTracer, 99 organizations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom and that the average payment was $1.9 million.”