Since the ransomware group DarkSide was discontinued, several partners have begun to complain about the lack of payment for past services. The partners have made a claim for bitcoins stored on a hacker forum. This was reported by Bleeping Computer.
Russian-speaking cybercriminal communities usually use a special cryptocurrency account in order to avoid fraud between sellers and buyers. For ransomware transactions, the collateral is a guarantee that serious business is being conducted.
In order to gain the trust of potential partners and expand its activities, DarkSide has posted 22 bitcoins on the popular XSS hacking forum. The wallet is managed by the site administrator, who in this case acts as a guarantor for the group and as a partner in the event of a dispute.
Earlier, DarkSide ceased its criminal activities and told partners that the decision was made after the loss of access to their public servers and “due to pressure from the United States” after the attack on the American fuel giant Colonial Pipeline.
The end of DarkSide ransomware-as-a-service (RaaS) activity was sudden and clearly left some unfinished business. Five partners complained that the operators owed them money for the ransom paid or for hacking services.
According to the first partners, they carried out the main part of the attack and should have received 80% of the ransom amount. The victim paid, however, the DarkSide operators stated that they no longer have access to the funds and the partner can use the XSS deposit to receive the payment.
According to other partners, they had bitcoins on the partner portal but had to rush to their relatives before they could receive funds.
Another partner worked on hacking corporate networks but never received his last payment of $ 150 thousand. Another partner was transferred $ 72 thousand to the partner portal, but he could not receive it until the group stopped working.
In the case of the first claim, the forum administrator approved the compensation from the DarkSide deposit. Other partners have not yet received a response from the administration.
Catch up on more articles here
Follow us on Twitter here