Ransomware attackers donate stolen money to charity

A criminal hacking group that extorted millions of dollars in a series of cyber attacks is now donating money to charity.

The DarkSide crooks said they wanted to “make the world a better place”, after posting receipts for $10,000 in Bitcoin donations to The Water Project and Children International.

The move has dumbfounded the cyber security community, with the BBC describing it as a “strange and troubling development, both morally and legally”.

DarkSide wrote: “We think that it’s fair that some of the money the companies have paid will go to charity.

“No matter how bad you think our work is, we are pleased to know that we helped changed [sic] someone’s life. Today we sended [sic] the first donations.”

The group posted a screenshot confirming the donation, along with tax receipts they received.

However, Children International, which supports children, families and communities around the globe, says it will not be keeping the money.

A spokesperson for the organisation told the BBC: “If the donation is linked to a hacker, we have no intention of keeping it.”

The Water Project, which works to improve access to clean water in sub-Saharan Africa, has not responded to requests for comment.

‘Robin Hood hackers’

It’s easy to take this story at face value and assume that criminal hackers can do bad things for a good reason, but many in the cyber security industry are more sceptical.

The Emsisoft threat analyst Brett Callow said: “What the criminals hope to achieve by making these donations is not at all clear. Perhaps it helps assuage their guilt? Or perhaps for egotistical reasons they want to be perceived as Robin Hood-like characters rather than conscienceless extortionists.

“Whatever their motivations, it’s certainly a very unusual step and is, as far as I know, the first time a ransomware group has donated a portion of their profits to charity.”

The DarkSide gang first appeared in August 2020, but until now there was no indication that they had altruistic intentions. However, they did vow not to attack the healthcare, education, non-profit or public sectors.

Such organisations comprise the bulk of ransomware targets but are also likely to cause the greatest collateral damage. Indeed, last month, a patient at Dusseldorf University Hospital died during a ransomware attack after the facility was unable to provide urgent medical care.

That’s not to say attacks on the private sector are any more acceptable. The disruption can cause huge problems for affected organisations and can have lasting financial effects.

The most prominent recent example of that is the attack on Travelex, whose perpetrators have links to DarkSide.

That attack left the foreign exchange firm dealing with more than a month of disruption, and it was eventually forced into administration.

The firm announced that 1,309 people would lose their job as a result. It wouldn’t be a surprise if the attacks that funded the gang’s charitable donations had similar results, which would prove that no good deed goes unpunished.

The Weekly Round-up: subscribe now