The decision of the DarkSide ransomware gang to shut down operations is causing chaos among its network of affiliates, who have complained about not receiving the payments for their successful breaches.
The affiliated are asking the administrators of a Russian-language hacker forum to unlock the funds in bitcoins they are maintaining as part of the escrow process.
The ransomware gang transferred in the wallet of the popular hacker forum XSS 22 bitcoin as proof of their reputation., and the funds are administrated as part of the escrow mechanism offered by the platform.
Many experts speculate the gang opted for an exit scam keeping for them the ransom paid by the victims of its network of affiliates. On the other side, DarkSide operators claim to have shut down operations due to pressure from the US authorities after the attack on Colonial Pipeline.
Researchers from Bleeping computers reported a series of claims submitted by members of the hacking forum that supported the operations of the DarkSide ransomware gang with different roles. Some affiliates worked as pentester for some attacks or on corporate breaches.
DarkSide operations begun in the threat landscape in August 2020, the group carried multiple attacks against organizations worldwide.
Experts from blockchain analysis firm Elliptic estimated that the Darkside ransomware gang has earned over $90 million from ransom payments from its victims since October 2020.
“In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets.” reads the report published by the Elliptic. “According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, DarkSide ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.…
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer…
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics…
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
This website uses cookies.