ZDNet reports that the hackers behind the Darkside ransomware donated $10,000 from ransom payments to Children International (a nonprofit that helps children living in extreme poverty) and The Water Project (a nonprofit that aims to ensure access to clean water in sub-Saharan Africa). Last week, each organization received 0.88 bitcoin from the hackers (1, 2).
The Darkside group has been active since August 2020 and is a classic "big game hunter", that is, it mainly attacks large corporate networks, encrypts data, and then demands huge ransoms from the affected companies.
If victims refuse to pay, Darkside members publish the data stolen from victims on their darknet site.
“As we wrote in the first press release, we are only targeting large and profitable corporations. We think it's fair that some of the money they paid will go to charity. No matter how bad you think our work is, we are still glad that we helped change someone's life,” the hackers write on their website.
This "press release", as the hackers call it, followed another statement released in August this year. At that time, the group promised not to encrypt files belonging to hospitals, schools, universities, non-profit organizations and the public sector. Whether the criminals kept their promise is unknown. It is worth noting that at the beginning of the COVID-19 pandemic, other ransomware groups also promised not to attack the health sector, and many ultimately kept their word.
However, ZDNet notes that none of the non-profit organizations to which the Darkside operators have transferred money will be able to keep these "donations", since the receipt and use of funds obtained illegally is also illegal. Therefore, donations are likely to be confiscated or returned to senders.
Interestingly, Darkside is far from the first hack group to donate money to charities and nonprofits. For example, in 2016, the Phineas Fisher group claimed to have hacked a bank and donated money to the autonomous Kurdish entity Rojava.
In 2018, the operators of the GandCrab ransomware released free decryption keys for victims in Syria and added an exception to their code that prevented the malware from encrypting the files of people in that country. Ironically, it was this exception for the Syrian victims that ultimately helped cybersecurity specialists connect the group with the REvil malware, when the GandCrab operators announced they were ceasing activity and began working on the REvil (Sodinokibi) malware.