Ransomware operators are donating their ransom money to charities; the FBI is very confused about it

A group of ransomware operators known as Darkside has been extorting companies around the world, although it does not seem to pursue the same goals as other similar hacking groups. On a dark web forum, the criminals posted receipts for $10,000 USD in Bitcoin donations sent to two nonprofits.

In their post, the hackers claim that their attacks are directed only against the most profitable companies in the world, encrypting their IT systems until the companies give in and pay a ransom: “We believe it is only fair that some of the money these companies have given us is destined for charity.”

Children International, one of the organizations that received these donations, has already confirmed that it will not keep the money: “If the donation is linked to malicious hacking, we have no intention of keeping it.” Children International supports marginalized children, families and communities in India, the Philippines, Colombia, Ecuador, Zambia, the Dominican Republic, Guatemala, Honduras, Mexico and the United States.

The second organization to benefit from this incident is The Water Project, which works to improve access to safe drinking water in sub-Saharan Africa. Representatives of this charity have not responded to requests for comment.

Cybersecurity specialist Brett Callow does not believe that the criminals are pursuing a specific goal by making these donations: “They may just want to atone for their faults, perhaps they are self-centered people who want to be recognized as a modern version of Robin Hood, although they remain criminals acting without regard.”

Darkside was identified as a ransomware group relatively recently, although authorities have already detected multiple cryptocurrency addresses linked to the group, an indication of its current level of activity. The cybersecurity community also believes that Darkside has links to the world’s most important ransomware groups, so it will certainly remain active in the future.

Authorities have also been concerned about the method Darkside used to make the donations. Apparently, the hackers used a service called The Giving Block, a solution designed specifically to manage cryptocurrency donations, which is used by dozens of charities around the world, including Save The Children and She’s The First, among others.

A representative of The Giving Block said that the company did not know the donations had been made by cybercriminals: “We continue to work to determine the provenance of these assets; if it turns out that the money is associated with any criminal activity, we will manage to send the money to its rightful owners.”