THREAD: Based on our blockchain analysis, we can confirm reports speculating that DarkSide #ransomware group has rebranded to BlackMatter. This is part of a trend in which ransomware groups shut down & reemerge with new names, often after law enforcement actions or media scrutiny
Chainalysis was able to confirm the financial connection between DarkSide and BlackMatter in late July '21, a few days before security researchers speculated there was a connection based on similarities w/ their encryption algorithms, decryptors, and more: bleepingcomputer.com/news/security/…
Sometimes following the money can provide an early indicator about a ransomware group’s revitalized operations. In this case, financial connections were made on the blockchain before any attacks were made public on BlackMatter’s blog
therecord.media/an-interview-w…
There is no silver bullet in solving the ransomware challenge. But this demonstrates that blockchain analysis is an important tool in the investigative toolkit, and can help investigators identify actors across the ransomware supply chain as the landscape evolves and matures.
For more analysis of ransomware activity this year, read our report, now with updated data through mid-July: go.chainalysis.com/ransomware-202…

