Following the attack on servers of popular cryptocurrency ransomware group “REvil” this week, operators of the DarkSide and BlackMatter ransomware organizations have moved all their illicit Bitcoin (BTC) to multiple wallets.
Omri Segev Moyal, CEO and co-founder of the security firm, Profero, told The Record that the total 107.8 bitcoins ($6.8 million) that the DarkSide’s had so far received were broken into small volumes and transferred to different wallets.
About seven different Bitcoin wallets received between seven and eight bitcoins, while smaller volumes were sent to different addresses, the report stated.
“Basically, at 2 AM UTC, whoever controlled the wallet [bc1q2sewgrnau4e4gvceh8ykzf8lqxawpluu0k0607] started to break the BTC into small chunks,” Moyal said.
According to Moyal, the funds are still under the control of DarkSide; however, they are looking for the perfect means to cash out the illicit bitcoins.
With the funds sent to different wallets, Moyal called on cryptocurrency exchanges that have control over the wallets to block the funds from being cashed out.
DarkSide Avoids a Repeat of Its History
DarkSide’s idea to transfer all of its funds to multiple wallets seemed like the best move for the group due to its history.
Recall that the ransomware group was the main perpetrator of the devastating attack on the Colonial Pipeline in May, which resulted in fuel supply outages in the U.S. East Coast.
The firm agreed that it paid nearly $5 million in bitcoin before it could turn on its server.
After the attack, DarkSide shut down its operations due to the consequences of the action.
Commenting on why it shut down its operations, DarkSide claimed it had lost control of its server and some of the wallets storing its funds.
However, the ransomware group has since resumed its illicit operations in July under the name BlackMatter.
With REvil’s servers hacked earlier this week by multi-country cyber security as reported by Reuters, DarkSide feared its servers could be next, which may lead to a repeat of the May incident that saw it lose some of its bitcoins.
Based on this, the criminal group had to take precautionary measures by moving its funds.
The development comes a month after U.S. security operatives sanctioned a Russian-based cryptocurrency exchange that helped ransomware attackers process payments.
At the time, the U.S. treasury department disclosed it was prepared to crackdown on ransomware-related activities within its jurisdiction.