Several hackers affiliated with the DarkSide ransomware group did not receive payments for carrying out the attacks. This was reported by malware researcher 3xp0rt.
Criminals are still submitting claims to DarkSide Ransomware. https://t.co/lVlUW6bEJm pic.twitter.com/MEJxgLqrAb
— 3xp0rt (@3xp0rtblog) May 20, 2021
DarkSide operates on a ‘Ransomware as a Service’ (RaaS) model, providing the developed malware to external hackers.
Any ransom paid by victims is shared between the software developers and the hackers.
To guarantee payments, DarkSide created an escrow account on the hacker forum XSS, into which they deposited 22 BTC (more than $900,000 at the time of writing). The wallet is managed by the forum administrator. He acts as a guarantor of payments and an arbiter in case of a dispute.
A week ago, the ransomware program halted operations, allegedly after losing access to public servers as a result of pressure from the United States.
That prompted the first complaints from partners who had not received compensation for their participation in the attacks.
The author of the first claim said he had been a test attacker and received only 80% of the ransom. Following this, DarkSide operators claimed to have lost access to the funds and offered to let the partner withdraw the remaining sum from the deposit on XSS.
The second partner said he was unable to retrieve the bitcoins due to family issues.
The third tester claims that he received the ransom just before DarkSide shut down, as reported to the XSS administrator.
The fourth hacker, who had been responsible for an attack on a corporation, said he did not receive the final payment of $150,000.
The fifth partner said he had been sent $72,000, but health reasons prevented him from collecting it before the group’s operations ceased.
So far, the XSS forum administrator has approved a payout from the DarkSide deposit only for the first complaint. There was no response to the others.
At the same time, affiliated hackers hold the decryption keys and may continue negotiating ransoms with victims privately.
Earlier in May, the DarkSide hackers attacked the American company Colonial Pipeline, exfiltrating around 100 GB of data and shutting down computer systems.
According to the press, Colonial Pipeline paid the attackers 75 BTC.
Earlier, Elliptic researchers found that over nine months the extortionists collected around $90 million in BTC from victims.
