Monday, December 9, 2024


$7 million in Bitcoin held by the DarkSide ransomware group is on the move, five months after the Colonial Pipeline attack crippled fuel supplies along the US East Coast. These funds had remained inactive since the group shut down on May 13.

DarkSide received just over $90 million in Bitcoin ransom payments from around 50 victims before it shut down shortly after the Colonial Pipeline attack. The following month, US authorities confiscated 63.7 Bitcoins, which was the affiliate’s share of the 75 BTC Colonial Pipeline ransom payment.

DarkSide is an example of “ransomware as a service” (RaaS). In this operating model, the malware is created by the ransomware developer, while the ransomware affiliate is responsible for infecting the target’s computer system and negotiating a ransom payment with the victim’s organization.

The DarkSide developer maintained a wallet to hold their share of the ransom payments, including 11.3 Bitcoins from the Colonial payment. On May 13, DarkSide claimed that its infrastructure, including this wallet, had been seized by an unknown third party. The same day, the wallet was emptied, with 107.8 bitcoins (then worth $5.3 million) sent to a new bitcoin address.

These funds remained inactive until yesterday (October 21). Starting at 7:00 GMT, the funds, now worth $7 million, were moved through a series of new wallets over the course of several hours, with small amounts being “peeled off” at each step.

This is a common money laundering technique, used to try to make it harder to trace funds and help convert them into fiat currency through exchanges. The process is ongoing, but small amounts of funds have already been sent to known exchanges.
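The peel-chain pattern described above can be followed programmatically. The sketch below is an added example, not Elliptic's code: the transactions, address names, exchange label and the 10% peel threshold are all constructed assumptions (only the 107.8 BTC starting amount comes from the article), and fees and multi-input transactions are ignored.

```python
# Constructed sample data: simplified transactions with one spending address each,
# amounts in mBTC, fees ignored. Address names are placeholders, not real addresses.
SAMPLE_TXS = [
    {"txid": "tx1", "from": "addr_A", "outputs": [("addr_B", 105_800), ("peel_1", 2_000)]},
    {"txid": "tx2", "from": "addr_B", "outputs": [("peel_2", 1_500), ("addr_C", 104_300)]},
    {"txid": "tx3", "from": "addr_C", "outputs": [("addr_D", 101_300), ("peel_3", 3_000)]},
    # Near-even split: does not look like a peel, so the trace stops here.
    {"txid": "tx4", "from": "addr_D", "outputs": [("addr_E", 50_000), ("addr_F", 51_300)]},
]
# Hypothetical attribution labels, as an analytics team might maintain.
KNOWN_EXCHANGE_ADDRS = {"peel_2": "ExampleExchange"}


def trace_peel_chain(txs, start_addr, max_peel_ratio=0.10, max_hops=100):
    """Follow the large output hop by hop while the small output stays a 'peel'."""
    spends = {tx["from"]: tx for tx in txs}  # address -> transaction spending it
    hops, current, seen = [], start_addr, set()
    while current in spends and current not in seen and len(hops) < max_hops:
        seen.add(current)  # guard against address reuse creating a loop
        tx = spends[current]
        if len(tx["outputs"]) != 2:
            break  # a peel hop has exactly two outputs: remainder and peel
        (small_addr, small), (large_addr, large) = sorted(
            tx["outputs"], key=lambda out: out[1]
        )
        total = small + large
        if total == 0 or small / total > max_peel_ratio:
            break  # split is too even to be a peel
        hops.append({
            "txid": tx["txid"],
            "peel_to": small_addr, "peel_amount": small,
            "carried_to": large_addr, "carried_amount": large,
        })
        current = large_addr  # the remainder moves on to the next fresh address
    return hops


def exchange_exposure(hops, labels):
    """Return the peels that landed on labelled exchange deposit addresses."""
    return [
        (h["txid"], h["peel_to"], labels[h["peel_to"]], h["peel_amount"])
        for h in hops if h["peel_to"] in labels
    ]
```

Each peel address is also a lead in its own right: a fuller tracer would recurse into the peels as well as following the remainder.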

The movement of the inactive DarkSide funds comes on the same day that it was reported that the REvil ransomware group was hacked and forced offline in a government-led operation. DarkSide was strongly associated with REvil, with the two ransomware groups sharing similarly structured ransom notes and using the same code.

Elliptic’s clients, including financial institutions and cryptocurrency exchanges, can be alerted to all client deposits originating from DarkSide wallets using our solutions for viewing transactions and wallets.
