The use of Bitcoin by cybercriminals is a subject of concern for non-coiners. It is true that the most popular cryptocurrency is used for illegal activities.
However, every other form of payment is used for them too. There is one distinction: on a blockchain, every Bitcoin transaction is permanently recorded. That is a point the DarkSide saga illustrates well.
Remember this as the story unfolds: the developers of DarkSide are world-class computer specialists. We can presume that they were extremely cautious, utilised all available resources, and concealed their tracks. And they most likely did so at a level of competence that no casual cybercriminal could match.
What Is DarkSide?
We need to cite the experts to do this properly. Reporter and computer security specialist Brian Krebs claims:
DarkSide is a platform that vetted thieves may use to infect businesses with ransomware and conduct discussions and payments with victims. It first appeared on Russian language hacking forums in August 2020. According to DarkSide, it only targets large corporations, and affiliates are forbidden from using ransomware to lock up businesses in the healthcare, funeral, education, public, and nonprofit sectors.
Hacking the Colonial Pipeline
This month, a severe hack on Colonial Pipeline prompted the company to close 5,500 miles of pipeline in the United States, paralysing the gas supply networks in the Southeastern states. The FBI attributed the assault to DarkSide.
Intel471, a cybersecurity company, provides more information:
At the time of this publication, neither the operators of DarkSide nor any data belonging to the company have admitted guilt for the Colonial Pipeline attack. On May 10, 2021, the group did, however, issue a statement implying that it might have been involved in the attack. In the release, the operators promised to implement “moderation” going forward by thoroughly vetting any businesses that DarkSide affiliates desire to encrypt “to minimise social ramifications in the future.”
The Counterattack
The disclosure appeared to come too late. A few days later, unidentified authorities seized DarkSide’s servers and drained their Bitcoin balance. What led to this? Nobody knows. The group nevertheless immediately declared its retirement.
The criminal organisation declared its closure after its servers were taken and cryptocurrency from an account used to pay associates was stolen.
A post from a forum dedicated to cybercrime was forwarded to the Russian OSINT Telegram channel with the following message: “Servers were seized (country not specified), the money of advertising and founders was transferred to an unknown account.”
Where is DarkSide’s Bitcoin?
Elliptic, a London-based analytics company, found DarkSide’s wallet in a matter of hours, demonstrating once more how persistent the blockchain is. CNBC notes:
Elliptic claimed in a blog post on Tuesday that 47 victims had paid at least $90 million in bitcoin ransom to DarkSide and its associates over the previous nine months. The average payment from organisations was probably $1.9 million.
Naturally, most of the money was already gone. Keep in mind that this was a ransomware-as-a-service platform. Elliptic claims that the majority of the money went to accounts associated with DarkSide. About $5.3M in Bitcoin was still in the wallet when law enforcement took possession of it, most likely proceeds from the previous incident.
Hiding that Bitcoin
In its conclusion, Intel471 describes one of the resources the hackers were utilising:
The operators will need to devise a new method of “washing” the cryptocurrency they receive in exchange for ransom payments. Avaddon, DarkSide, and REvil stopped using BitMix, a well-known cryptocurrency mixing service, as Intel 471 has noted. Some people who appeared to be using the service reported being unable to access BitMix in the previous week.
So perhaps Bitcoin isn’t the best option for online criminals? To us, it would be extremely inconvenient for all of your transactions to live forever on the blockchain.