There’s an interesting piece by Andrew E. Kramer, Michael Schwirtz and Secret Chats Show How Cybergang Became a Ransomware Powerhouse. The reporters obtained access to the internal dashboard that DarkSide customers used to organize and carry out ransom attacks and their piece provides some insights as to how DarkSide “support” dealt with its customers and victims.
Beyond that piece, however, and in recent days, a Russian-language forum that DarkSide had used to recruit affiliates banned them. The ban came after a self-described affiliate sought to obtain monies allegedly owed to him from a successful attack and payment, but DarkSide denied knowing him or the alleged transactions. The claimant, who said he had no access to logs because DarkSide had closed things down, was unable to name the victim company/target or provide hard proof to the arbitratror. As a result, the forum administrator/arbitrator was unable to approve the claim, and the self-described affiliate publicly accused DarkSide of pulling an exit scam. Their claim was not the only claim DarkSide denied/refused, but they were the only ones to go public about the dispute.
DarkSide was banned from the forum shortly thereafter.