The first on the blacklist is Chatex, which facilitated financial transactions for malware actors. After DarkSide, REvil actors also end up in the DoS reward program.
The group’s Tor sites began displaying a message stating that it “will be closed soon”. It seems to be a preventive move to try to escape DarkSide's fate.
It seems the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. Is the attack on Colonial Pipeline related?
Recorded Future cybersecurity experts: The ransomware group will give information to crooked market traders in advance, so they can short a company’s stock price.
Bleeping Computer: They donate $20,000 to Children International and The Water Project. But money comes from ransomware criminal activity, and the organizations won’t keep it.