[TheRecord] DarkSide ransomware gang moves some of its Bitcoin after REvil got hit by law enforcement

The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that fellow ransomware gang REvil had its servers taken over by a coalition of law enforcement agencies.

Approximately 107 BTC ($6.8 million) were moved earlier today, according to Omri Segev Moyal, CEO and co-founder of security firm Profero.

“Basically, since 2AM UTC whoever controlled the wallet started to break the BTC into small chunks,” Moyal told The Record.

“At the time of this writing, the attackers split the funds into 7 wallets of 7-8 BTC and the rest (38BTC) is stored in the following wallet: bc1q9jy4pq5su9slh56gryydwkk0qjnqxvfwzm7xl6.”

Image: Omri Segev Moyal

Moyal said he believed the funds were still controlled by the Darkside/BlackMatter gang and were being prepared to be laundered or cashed out.

He said that law enforcement agencies typically move seized assets to a new wallet under their control and wouldn’t need to break the funds into smaller chunks, a step typical in money laundering operations.

Darkside moves $6.8 million, fearing a repeat

The funds were moved roughly six hours after Reuters reported that a coalition of law enforcement agencies from several countries was responsible for hijacking the servers of fellow ransomware group REvil over the weekend.

The Darkside group’s quick reaction to move funds and re-asses control is justifiable in light of the gang’s history and past attacks.

Darkside was the ransomware strain used in the incident that crippled the operations of Colonial Pipeline in May, an attack that indirectly caused fuel supply outages across the US East Coast.

In light of the attack and its political repercussions, the Darkside gang shut down its operations a week later. At the time, the gang claimed they shut down after they lost control over some servers and some cryptocurrency wallets (money).

Nevertheless, the gang re-launched in July with new infrastructure and under the new name of BlackMatter.

Moving some of its funds shortly after the REvil takedown news makes sense since the gang would like to make sure they don’t lose funds for a second time, during another law enforcement crackdown.

Moyal has now notified and asked cryptocurrency exchanges to block the Darkside/BlackMatter wallets holding their new funds, but the fractured cryptocurrency exchange landscape still leaves many ways for the group to launder its profits.

Dear #bitcoin exchange platform, please block the following wallets from the incoming transactions: https://t.co/NwNiIno5mX

Attackers have split the BTC into 7 wallets with what looks like preparation to convert to other exchange or cashout somehow.

— Omri Segev Moyal (@GelosSnake) October 22, 2021

The post DarkSide ransomware gang moves some of its Bitcoin after REvil got hit by law enforcement appeared first on The Record by Recorded Future.

Source: Read More (The Record by Recorded Future)

You might be interested in …

[ESET] Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack

All posts, ESET feed

The latest Patch Tuesday brings a new batch of security updates addressing a total of 117 vulnerabilities The post Microsoft Patch Tuesday fixes 13 critical flaws, including 4 under active attack appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More

[ZDNet] Banks now rely on a few cloud computing giants. That’s creating some unexpected new risks

All posts, ZDNet

The Bank of England has urged financial institutions to remain cautious when switching to the cloud. Here’s why. Source: Read More (Latest topics for ZDNet in Security)

Read More

[ESET] Week in security with Tony Anscombe

All posts, ESET feed

Steps to take right after a data breach – What to consider before going passwordless – 7 million people hit by Robinhood data breach The post Week in security with Tony Anscombe appeared first on WeLiveSecurity Source: Read More (WeLiveSecurity)

Read More