Ransomware Unmasked: Dispute Reveals Ransomware TTPs
Two of the more well-known Russian-language forums have “arbitration” or “complaint” sections where members can present complaints and evidence against other members involving financial disputes or claims. Those disputes, with evidence provided non-publicly to the moderators/arbitrators, often provide interesting insights into threat actors’ methods or relationships.
In the past few weeks, there have been two such matters of special note. One was a claim and counterclaim between “UNKN” of REvil (Sodinokibi) and “Signature.” The second involved claims made against DarkSide after they folded operations once their servers were taken down and monies diverted by unknown parties.
Gemini Advisory has written up the first dispute to show what they learned from it. You can read their blog post on their website.