Cybersecurity researchers believe that BlackCat is made up of former members of the Russian cybercriminal hacking group DarkSide/BlackMatter, which was responsible for the 2021 attack on Colonial Pipeline that caused gas shortages up and down the East Coast. And according to an FBI advisory, "Many of the developers and money launderers for BlackCat/ALPHV are linked to DarkSide/BlackMatter, indicating they have extensive networks and experience with ransomware operations."
Yeah DarkSide got it right in their dark side LOFL.
U.S. seizes $2.3 mln in Bitcoin paid to Colonial Pipeline hackers
This was my post on our FR thread in 2021.
"Mandiant was contacted before the ransom was paid, and they, in conjunction with alphabets, poisoned the wallet. 'You want your money? Here is a ransom wallet and n/p.' If you could root that and make the bad guy believe it was legit all the way to their blockchain transfer to their own wallet or attempt a transaction .... boom.
Instead of paying Putlims and Yung Fat Heartattack, Colonial paid a fraction of that money to a serious US 3rd-party IT security team, who in addition to participating in poisoning the wallet, likely also built a new, secure network for Colonial.
Note that the alphabets also disgronified Darkside to the point where they have gone all-in on distributing these attacks now (and licensing the ransomware), rather than their prior piecemeal revenue stream approach, figuring not everyone can afford Mandiant or are mission-critical enough to pull alphabet weight.
However, we still have reached a tipping point where, instead of these stupid ransomware victims paying up because their water-brained IT guy panics, they are now aware that the price point is much lower to have a small, state-of-the-art IT security team simply poison the wallet, while securing the network you had, with the prevention you were lacking."
Is bitcoin the primary method used to extort money by the hackers from the target or do they still take cash or how does it work?