The DarkSide Ransomware operators seem to be moving their monetary assets which they acquired through extortion and blackmail. About $7 million worth of Bitcoin tokens is rapidly moving in ever-decreasing denominations, which is a typical money laundering pattern.
Millions of dollars worth of Bitcoin cryptocurrency is on the move in the virtual world, indicated cybersecurity company Profero. The way in which the virtual currency is moving between multiple wallets is identical to the way money laundering takes place.
DarkSide ransomware gang is moving 107 Bitcoin cryptocurrency tokens as Federal agencies tighten their reins:
The DarkSide ransomware gang, operating Ransomware as a Service, and Malware as a Service, seems to be taking its ill-gotten money and running. The operators have been quite successful in vetting, targeting, compromising, and extorting multiple businesses and government services.
DarkSide ransomware rushes to cash out $7 million in Bitcoin#calgroups #calsaig #knowledgeark #CyberSecurity #DARKSIDE #ransomware #Bitcoin #REvil #LawEnforcement #UnitedStates #ColonialPipeline #cryptocurrency #paymentsecurityhttps://t.co/eqXL3TJoBV
— Specialist Advisory & Intervention Group (@CalSAIG) October 23, 2021
The gang shot to infamy after it successfully crippled Colonial Pipeline, the largest fuel pipeline in the United States. It was after this attack that the U.S. government started to aggressively pursue multiple leads and ransomware creators.
Multiple Federal agencies and independent departments are actively capturing illegal digital assets, and even going after malicious code writers on the Dark Web.
The operators of the Darkside and BlackMatter ransomware strains have moved a large chunk of their Bitcoin reserves after news broke that REvil was hit by a law enforcement takedown. https://t.co/0v7xW4w4sg
— Roman Olejnikov (@ROlejnikov) October 23, 2021
Presumably sensing the Feds closing in on them, the DarkSide ransomware gang could be rushing to liquidate its assets. The majority of the ill-gotten funds of the gang are in Bitcoin.
DarkSide gang moving its cryptocurrency assets through multiple wallets in ever-decreasing denominations:
Omri Segev Moyal, the CEO, and co-founder of cybersecurity company Profero, indicated that 107 Bitcoins from a DarkSide wallet are on the move through multiple wallets.
The collective value of the transactions indicates the gang is moving about $7 million. It is not immediately clear if the gang has amassed even more loot.
The 107* BTC from Colonial PipeLine ransomware has moved to a new wallet: "bc1q2sewgrnau4e4gvceh8ykzf8lqxawpluu0k0607" > "bc1qvya30xewdeatneqj90ypvzq4kjzgyz8cnvu7rm"
Transaction hash: "8fe2131dd4b4be77034c3af4928415c2daffed950572d270d5e9dd1aa6b71088"
Feds control wallet?
— Omri Segev Moyal (@GelosSnake) October 22, 2021
In a blog post, blockchain analysis company Elliptic revealed how DarkSide’s cryptocurrency flowed through different wallets. The transfers began with 107.8 BTC and while moving through multiple wallets ended with just 38.1 BTC.
Some financial experts indicate this is the same way the money laundering process takes place. The primary intention behind moving money in this way is to hinder tracking. In the case of the DarkSide gang’s transactions, the group seems to be trying to convert its cryptocurrency to fiat money.
DarkSide Ransomware Hackers Rush to Cash Out $7 MILLION in Bitcoin
Operations using multiple new wallets have seen almost $7MN #Bitcoin over the last 24 hours, in what appears to be a huge #MoneyLaundering scheme.
මේ සදහා පුරවැසියන් විරුද්ධ විය යුතු නැහැ, මන්ද යත් මේ නැතිවෙන්නේ pic.twitter.com/ZpasrUngm9
— Truth First – Lanka (@ApiWenuwen) October 23, 2021
Incidentally, the Colonial Pipeline hack might be the one that got the group notoriety. However, the group couldn’t keep the assets from the attack for long.
Previous reports indicate Colonial Pipeline paid the 75 BTC (around $5 million at the time) ransom. But the Department of Justice indicated that Federal agencies were successful in recovering 63.7 BTC.