Ransomware: DarkSide moves its bitcoins after REvil's fall

The DarkSide group had set up a Ransomware-as-a-Service business model in which affiliates carry out the infections and negotiate the ransom payment. Last week it moved bitcoin funds worth around $7 million that had been inactive for a long time.

The move was spotted by the cryptocurrency analytics firm Elliptic. Within hours, the funds had been transferred through several newly created wallets, with small amounts split off at each step.

“This is a common money laundering technique, used to attempt to make funds harder to track and to facilitate their conversion into fiat currency when exchanging them,” Elliptic writes.
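The hop-by-hop splitting that Elliptic describes is what tracing analysts call a peeling chain: at each hop one output carries most of the value to a fresh wallet while a small slice is peeled off, often towards an exchange. The following is an added example, not code from the article or from Elliptic, that walks such a chain over a constructed, hypothetical set of transfers and a hypothetical list of exchange-labelled addresses, reporting the intermediary wallets and how much value reached each exchange.

```python
from collections import defaultdict

# Constructed sample transfers, not real on-chain data: (sender, receiver, amount_btc)
TRANSFERS = [
    ("seed_wallet", "w1", 100.0),                    # dormant balance starts moving
    ("w1", "w2", 95.0), ("w1", "exchange_A", 5.0),   # peel 5 off, pass 95 on
    ("w2", "w3", 90.0), ("w2", "exchange_B", 5.0),
    ("w3", "w4", 84.0), ("w3", "exchange_A", 6.0),
    ("unrelated", "w9", 1.0),                        # noise, unconnected to the seed
]
# Hypothetical labels for known exchange deposit addresses (assumption for the example)
EXCHANGE_ADDRESSES = {"exchange_A", "exchange_B"}

def build_outgoing(transfers):
    """Index transfers by sending address."""
    outgoing = defaultdict(list)
    for src, dst, amt in transfers:
        outgoing[src].append((dst, amt))
    return outgoing

def looks_like_peel(outputs, dominant_share=0.8):
    """A peel step: one output carries most of the value, the rest are small slices."""
    if len(outputs) < 2:
        return False
    total = sum(amt for _, amt in outputs)
    return max(amt for _, amt in outputs) / total >= dominant_share

def trace_peel_chain(transfers, seed, max_hops=20):
    """Follow the dominant output hop by hop from `seed`.
    Returns the chain of fresh wallets (with a peel flag per hop) and the
    value that landed at labelled exchange addresses along the way."""
    outgoing = build_outgoing(transfers)
    chain, to_exchange, current, seen = [], defaultdict(float), seed, {seed}
    for _ in range(max_hops):
        outputs = outgoing.get(current, [])
        if not outputs:
            break
        for dst, amt in outputs:
            if dst in EXCHANGE_ADDRESSES:
                to_exchange[dst] += amt
        main_dst, _ = max(outputs, key=lambda o: o[1])
        if main_dst in seen or main_dst in EXCHANGE_ADDRESSES:
            break  # loop or cash-out point: the chain ends here
        chain.append((main_dst, looks_like_peel(outputs)))
        seen.add(main_dst)
        current = main_dst
    return chain, dict(to_exchange)
```

Real tracing works on transaction outputs rather than address-to-address transfers, but the same dominant-output heuristic applies.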

Fear of further reprisals after REvil

The merry-go-round began in the wake of a Reuters report that law enforcement agencies, notably with the involvement of the US military's cyber forces, had hacked the REvil ransomware group.

The ransomware code used by DarkSide has often been compared to that used by REvil. DarkSide was linked to the ransomware attack on Colonial Pipeline, which crippled for days one of the largest oil pipelines in the United States.

According to Elliptic, DarkSide had received the equivalent of just over 04 million dollars in bitcoin ransom payments from some fifty victims before shutting down operations after the (too) big attack on Colonial Pipeline.

In May, the group had suggested that part of its infrastructure had been seized by the authorities. It had, however, reappeared with new infrastructure under the name BlackMatter.
