The ransomware groups Darkside and BlackMatter recently moved millions of dollars’ worth of Bitcoin after learning that REvil’s servers had been hacked by a global coalition of law enforcement agencies. According to the authorities, 107 BTC, which amounts to $6.8 million, was moved earlier today and split across several different wallets.
Furthermore, officials revealed that the gangs were already aware of regulators’ oversight and had therefore prepared this balance to be laundered or cashed out. According to The Record, officials noted that breaking funds into smaller portions is typical of money laundering operations, whereas regulators transfer the entire amount of confiscated funds directly instead of splitting it up.
“Basically, since 2AM UTC whoever controlled the wallet started to break the BTC into small chunks… At the time of this writing, the attackers split the funds into 7 wallets of 7-8 BTC and the rest (38BTC) is stored in the following wallet: bc1q9jy4pq5su9slh56gryydwkk0qjnqxvfwzm7xl6,” Omri Segev Moyal, CEO and co-founder of security firm Profero, said in sharing this data with The Record.
It is obvious that Darkside and BlackMatter were next on the regulatory hit list, as Darkside was the ransomware strain, developed by REvil associates, that was used earlier this year in the infamous Colonial Pipeline incident of May. That attack indirectly led to fuel supply outages across the US East Coast.
REvil ransomware group’s website went offline
Yesterday, the Reuters report about REvil’s servers being hijacked by the regulators went viral and threw other ransomware groups into a fit of panic. A multi-nation operation against the cybercrime group REvil was carried out and took down the group’s “Happy Blog” website, which was formerly used to leak victim data and extort companies.
“The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups,” said Tom Kellermann, an adviser to the U.S. Secret Service on cybercrime investigations and VMware head of cybersecurity strategy. “REvil was top of the list,” he added.