Hear, DarkSide! This honorable ransomware court is now in session | GeekComparison


A crime forum is launching quasi-judicial proceedings against the creators of DarkSide, the ransomware that shut down Colonial Pipeline two weeks ago, to hear claims from former partners who say the creators skipped town without paying. Or at least that’s what members of crime forum XSS.is would have us all believe.

A Russian-speaking person using the “darksupp” handle went to XSS.is in November to recruit affiliates for DarkSide, researchers at security firm FireEye recently said. DarkSide was the new ransomware-as-a-service provider on the market at the time, and it was looking for business partners.

Since then, DarkSide has cashed in spectacularly. According to recently released figures from cryptocurrency tracking company Chainalysis, DarkSide netted at least $60 million in its first seven months, with $46 million in the first three months of this year.

DarkSide made another $10 million this month, of which $5 million came from Colonial Pipeline and $4.4 million from chemical distribution company Brenntag. Last week, DarkSide suddenly went dark. A post attributed to darksupp said his group had lost control of its infrastructure and a significant holding of bitcoin.

“At this point, these servers are not accessible via SSH and the hosting panels are blocked,” the post said. “The hosting support service does not provide any information except ‘at the request of law enforcement authorities’. In addition, a few hours after the seizure, money was debited from the payment server (ours and our customers’) to an unknown account.”

Since then, nothing has been heard from DarkSide.

Under the terms of the deal signed with XSS, DarkSide pays affiliates 75 percent of any ransom that is less than $500,000. The affiliates' share goes up to 90 percent for ransoms over $5 million. But according to multiple DarkSide affiliates on XSS, the RaaS provider has gone into hiding without fulfilling its obligations. The affiliates have requested a refund from a deposit, with a balance of approximately $900,000, that DarkSide had to make with XSS.

Here are three such posts. Look out for legal terms like “plaintiff” and “defendant.”

It is not surprising that XSS organizers would police their site the way they do in these discussions. After all, the cybercrime economy is booming, but in order for XSS to make money, the forum must be seen as operating on a level playing field. Ultimately, however, it is impossible to know whether this procedure is real or just an act.

“This is a community of cybercriminals who know their forum is controlled by LE, security companies and the press,” said Brett Callow, threat analyst at security firm Emsisoft. “It’s very likely that some communication is done just to confuse problems. Smoke and mirrors.”

With DarkSide having disrupted gas supplies to large parts of the US two weeks ago, the FBI will no doubt bring its full force to bear on this venture if given the chance. DarkSide's owners are probably feeling the heat, even if the ransomware lawsuit is just an act.
