Quote:Cybercriminals who have worked as affiliates with ransomware group DarkSide, responsible for the Colonial Pipeline attack, are having a tough time getting paid for their work now that the group has had its operations interrupted; so, they’re turning to admins of the group’s Dark Web criminal forum to sort things out in what researchers call a “shady version of the People’s Court.”
Ransomware-as-a-service (RaaS) providers like DarkSide strike arrangements with various other cybercriminals to provide malware for their campaigns in exchange for a percentage of the take — and business is booming. Ransomware attacks have spiked by 350 percent since 2018.
“It should come as no surprise that RaaS groups literally treat their operations as a business – interviewing potential team members, establishing a work agreement and providing the tools to get the job done,” John Hammond, a senior security researcher with Huntress, told Threatpost in an interview. “Cybercrime groups have to be selective and handpick members of their cohorts – they take their work seriously, and obviously it can be a lucrative gig.”
Huntress has been monitoring these cybercriminals and watching them settle disputes among themselves. Specifically, Huntress has observed a growing number of complaints being submitted claiming DarkSide is in breach of the terms of its affiliate program. The claims are being settled among admins in a well-defined “hackers’ courtroom” and payments made by admins out of a DarkSide deposit they control.
Read more: DarkSide Getting Taken to ‘Hackers’ Court’ For Not Paying Affiliates | Threatpost
![[-]](https://www.geeks.fyi/images/collapse.png)
