The decision of the DarkSide ransomware gang to shut down operations is causing chaos among its network of affiliates, who have complained about not receiving the payments for their successful breaches.
The affiliated are asking the administrators of a Russian-language hacker forum to unlock the funds in bitcoins they are maintaining as part of the escrow process.
The ransomware gang transferred in the wallet of the popular hacker forum XSS 22 bitcoin as proof of their reputation., and the funds are administrated as part of the escrow mechanism offered by the platform.
Many experts speculate the gang opted for an exit scam keeping for them the ransom paid by the victims of its network of affiliates. On the other side, DarkSide operators claim to have shut down operations due to pressure from the US authorities after the attack on Colonial Pipeline.
Researchers from Bleeping computers reported a series of claims submitted by members of the hacking forum that supported the operations of the DarkSide ransomware gang with different roles. Some affiliates worked as pentester for some attacks or on corporate breaches.
DarkSide operations begun in the threat landscape in August 2020, the group carried multiple attacks against organizations worldwide.
Experts from blockchain analysis firm Elliptic estimated that the Darkside ransomware gang has earned over $90 million from ransom payments from its victims since October 2020.
“In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets.” reads the report published by the Elliptic. “According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
Follow me on Twitter: @securityaffairs and Facebook
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, DarkSide ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Palo Alto Networks addressed multiple vulnerabilities and included the latest Chrome patches in its solutions.…
Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec…
Cyberattack on United Natural Foods Inc. (UNFI) disrupts deliveries, causing Whole Foods shortages nationwide after…
Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on…
Apple confirmed that a security flaw in its Messages app was actively exploited in the…
Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer…
This website uses cookies.
