DarkSide ransomware hackers try to disappear without paying their cybercriminal partners

A couple of weeks ago, those responsible for DarkSide, one of the biggest ransomware-as-a-service (RaaS) platforms, announced the closure of their operations. The announcement began to create chaos in illegal hacking forums because of the debts this group allegedly owes some of its affiliates for successful attacks.

Groups affiliated with this cybercriminal operation are demanding that the cryptocurrency funds DarkSide holds as a security deposit be unlocked so that the debts are settled. The ransomware gang operates its cryptocurrency addresses on the popular XSS hacking forum, to which 22 bitcoins were recently transferred as proof of its reputation. These funds are managed as part of the custody mechanism offered by the platform.

Some members of the cybersecurity community believe that the hackers are actually running an exit scam and will try to recover these funds for themselves instead of paying affiliates. The official version, given by the DarkSide operators themselves, is that the operation is closing due to U.S. government investigations initiated after the attack on Colonial Pipeline.

Meanwhile, the BleepingComputer research team reported a series of complaints filed by members of the hacking forum where DarkSide's creators operated, asking the administrators to make the outstanding payment.

As for DarkSide itself, experts note that this hacking group began operating in mid-2020, deploying multiple devastating attacks on targets around the world. A recent report by blockchain analytics firm Elliptic estimates that the group made about $90 million over the past six months as a result of its attacks.

Experts note that the money obtained by the hackers was sent from at least 47 different Bitcoin addresses, suggesting that the threat actors carried out nearly 50 successful attacks, earning an average of $1.9 million per ransom.
