In Brief:
- The Darkside and BlackMatter ransomware operations have moved a large amount of their Bitcoin.
- The attackers have already split the funds into seven different wallets.
- Each of these wallets holds around 7-8 BTC, and the remaining 38 BTC is stored in one address, which they may continue to split.
The Russia-based Darkside and BlackMatter ransomware gangs moved Bitcoin after law enforcement hacked REvil's servers. They moved around 107 BTC ($6.8 million), splitting it across several different wallets.
Omri Segev Moyal, CEO of the security firm Profero, told The Record that the funds have been transferred to various new wallets, with only a small amount moved in each transaction to make the money harder to follow.
“Basically, since 2 AM UTC whoever controlled the wallet started to break the BTC into small chunks,” Moyal told The Record. “At the time of this writing, the attackers split the funds into 7 wallets of 7-8 BTC and the rest (38 BTC) is stored” in this address.
According to Moyal, the funds were still controlled by the Darkside gang, and the activity looks like “preparation to convert to other exchange or cashout somehow.”
In the thread Moyal shared: “Not sure if feds or attackers, but it's showing signs of typical ransomware laundering transactions.”
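The movement Moyal describes, a single balance repeatedly broken into similar-sized chunks sent to fresh addresses while the remainder is carried forward, is a pattern that blockchain-analysis tooling can flag. The following is an added example, not code from the article, from Profero or from any tracing vendor. It walks a constructed transaction list (the addresses, txids and amounts are made up and are not the real Darkside wallets), follows the chain of single-input spends from a source address, and reports whether the peeled-off outputs look like a deliberate split. The heuristic that the largest output of each hop is the remainder being carried forward is an assumption of this example, not a statement from the page, and transaction fees are ignored.

```python
"""Heuristic detection of a 'break the balance into small chunks' peel chain.

All transaction data below is constructed for illustration; it is not the real
Darkside/BlackMatter ledger. Fees are ignored for simplicity.
"""
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Optional, Tuple

SATS_PER_BTC = 100_000_000

Output = Tuple[str, int]  # (address, amount in satoshis)


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: Tuple[str, ...]        # spending addresses
    outputs: Tuple[Output, ...]    # funded outputs


def trace_peel_chain(txs: List[Tx], source: str) -> Tuple[List[Output], Optional[Output]]:
    """Follow single-input spends starting at `source`.

    Assumption (a heuristic, not ground truth): in each hop the largest output is
    the remainder carried forward and every other output is a peeled-off chunk.
    Returns (chunks, remainder); remainder is None if `source` never spends.
    """
    by_input: Dict[str, Tx] = {}
    for tx in txs:
        if len(tx.inputs) == 1:    # only single-input hops form a clean chain
            by_input[tx.inputs[0]] = tx

    chunks: List[Output] = []
    remainder: Optional[Output] = None
    current = source
    seen = set()                    # guard against cyclic constructed data
    while current in by_input and current not in seen:
        seen.add(current)
        ordered = sorted(by_input[current].outputs, key=lambda o: o[1], reverse=True)
        remainder = ordered[0]
        chunks.extend(ordered[1:])
        current = remainder[0]
    return chunks, remainder


def looks_like_chunk_split(chunks: List[Output], min_chunks: int = 5, tolerance: float = 0.2) -> bool:
    """Flag when at least `min_chunks` chunks were peeled off and every chunk lies
    within `tolerance` (as a fraction) of the median chunk size, i.e. the amounts
    were chosen to be similar rather than being ordinary payments."""
    if len(chunks) < min_chunks:
        return False
    med = median(amount for _, amount in chunks)
    return all(abs(amount - med) <= tolerance * med for _, amount in chunks)


def summarize(txs: List[Tx], source: str) -> dict:
    """Analyst-facing summary for one source address."""
    chunks, remainder = trace_peel_chain(txs, source)
    return {
        "source": source,
        "chunk_count": len(chunks),
        "chunk_btc": [round(a / SATS_PER_BTC, 2) for _, a in chunks],
        "remainder_btc": round(remainder[1] / SATS_PER_BTC, 2) if remainder else 0.0,
        "flagged": looks_like_chunk_split(chunks),
    }


def _btc(x: float) -> int:
    return round(x * SATS_PER_BTC)


# Constructed sample: "attacker_src" starts with 92.1 BTC and peels ~7-8 BTC per
# hop, leaving 38 BTC in the final remainder address. "shop" is an ordinary
# payment with change and must not be flagged.
SAMPLE_TXS = [
    Tx("t1", ("attacker_src",), (("w1", _btc(7.5)), ("rem1", _btc(84.6)))),
    Tx("t2", ("rem1",), (("w2", _btc(8.0)), ("rem2", _btc(76.6)))),
    Tx("t3", ("rem2",), (("w3", _btc(7.2)), ("rem3", _btc(69.4)))),
    Tx("t4", ("rem3",), (("w4", _btc(7.8)), ("rem4", _btc(61.6)))),
    Tx("t5", ("rem4",), (("w5", _btc(7.6)), ("rem5", _btc(54.0)))),
    Tx("t6", ("rem5",), (("w6", _btc(8.1)), ("rem6", _btc(45.9)))),
    Tx("t7", ("rem6",), (("w7", _btc(7.9)), ("rem7", _btc(38.0)))),
    Tx("t8", ("shop",), (("merchant", _btc(0.5)), ("shop_change", _btc(0.2)))),
]

if __name__ == "__main__":
    for src in ("attacker_src", "shop"):
        print(summarize(SAMPLE_TXS, src))
```

The thresholds (`min_chunks`, `tolerance`) are deliberately parameters: a single split with change is normal wallet behaviour, and only a run of several near-equal peels from the same lineage is worth an analyst's attention. Real investigations would also account for fees and for multi-input hops, which this example skips.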
The funds moved six hours after Reuters reported that law enforcement agencies from several countries were responsible for hijacking the servers of the ransomware group REvil. In reaction, Darkside tried to move its funds.
In June, Colonial Pipeline paid a ransom worth roughly $4.4 million in Bitcoin to the Russia-based hacking group known as Darkside, which had used malicious software to hold the company hostage. Deputy Attorney General Lisa Monaco said investigators had seized 63.7 bitcoins, valued at about US$2.3 million.
The affidavit says the FBI was in possession of a private key that unlocked a Bitcoin wallet holding most of the funds, though it was not clear how the FBI gained access to the key.
In July, the ransomware group REvil took down over 200 US companies and demanded $70 million in Bitcoin in exchange for a decryptor for the infected machines. It also targeted the software company Kaseya, using its network management package to spread the ransomware through the cloud.