A ransomware gang going by the name “Darkside” had donated some share of its ransom demand to the charity organizations that it had extorted from victims. The recipient NGOs include a non-profit organization sponsoring children below poverty line named “Children International” and another non-profit institution called “The Water Project” that offer access to clean and reliable water all across sub-Saharan Africa.
The ransomware group is believed to be active since August 2020. Supposedly, the hacker group is an example of a classic “big game hunter” which means that it specifically targets the massive corporate networks and encrypts their data followed by conducting huge ransom demand. The random demand goes up to millions of US Dollars.
Suppose the victim company refuses to pay out the ransom demand placed by Darkside. In that case, the hacking group leaks the compromised data online on a dark web portal that they are currently operating.
“As we said in the first press release – we are targeting only large profitable corporations,” the Darkside group wrote in a page on their dark web portal, published on Monday.
“We think it’s fair that some of the money they’ve paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone’s life,” the group also added; before posting proof of their two donations.
Owing to the fact that the donations were resultant to an illegal act, hacking, thus the recipient organizations cannot keep the received donations. Therefore, the funds will be either seized or returned.
This is a “follow up press release” of the one that had been published in August 2020, as the hacker group calls it. In the initial press release, Darkside had promised that they would not encrypt the files of the hospitals, universities, schools, colleges, the government sector and the non-profit organizations.
Currently, it is not possible to tell if they had kept their promise. Other ransomware groups had also given their word on not to compromise data of the healthcare sector when the Covid-19 pandemic broke out. But eventually, they went back to what they usually do.
Moreover, the Darkside group is not the only ransomware gang that had donated a part of the ransom demand to the non-profit organizations and charities.
Back in 2016, another ransomware group named “Phineas Fisher” had claimed that they had hacked the database of a bank and had donated the funds acquired from the ransom demand to the Rojava autonomous Syrian province.
In 2018 also, the ransomware group going by the name “GandCrab” had released free decryption keys for the war-torn Syria located victims.
The GandCrab gang too added an exemption into their code that would work by not encrypting the files for the victims that are located in that country. But it is an irony that the conventional exemption for the victims of Syria had helped the security researchers to bind the ransomware group to the REvil ransomware after the GandCrab group closed. The group had later renamed themselves and was known as REvil or Sodinokibi.
Disclaimer: Read the complete disclaimer here.