In a bizarre case that is being compared to the saga of Robin Hood, a ransomware group has started donating some of its extorted proceeds to charities.

The Darkside ransomware group and related ransomware first emerged in August and was linked to previous groups GandCrab and Sodinokibi at the time. Although there are similarities in the code between Darkside and previous groups, that’s where the comparison ends given that the group itself is now making charitable donations.

So far the group has made two donations of 0.88 bitcoin each, worth $10,571 as of now, to Children International and The Water Project. Children International is a nonprofit child sponsorship organization and The Water Project is a charity that provides access to clear, safe and reliable water in sub-Saharan Africa.

“As we said in the first press release – we are targeting only large profitable corporations,” the group wrote on its dark web page Oct. 19. “We think it’s fair that some of the money they’ve paid will go to charity. No matter how bad you think our work is, we are pleased to know that we helped change someone’s life.”

According to ZDNet, Darkside had promised in August not to encrypt files belonging to hospitals, schools, universities, nonprofits and the government sector.

It should be noted that the amount donated is only small slice of the group’s likely returns from ransomware attacks. Typically a Darkside attack involves a demand for payment of between $200,000 and $2 million.

The charities themselves are also unlikely to be able to keep the donations, since receiving and using payments from stolen funds is in itself illegal in many countries.

Although Darkside may profess to be making donations for positive reasons, others are skeptical.

“This latest ‘donation’ effort by ransomware operators is just an attempt to improve their image publicly,” Katie Nickels, director of intelligence at threat detection firm Red Canary Inc,. told SiliconANGLE. “When the pandemic first started, we saw ransomware operators claim that they wouldn’t target hospitals, yet we know many of them have. If ransomware operators truly cared about making the world a better place, they would stop ransoming victims, not make donations.”

Chris Clements, vice president of solutions architecture at IT service management company Cerberus Cyber Sentinel Corp., said the most troubling realization here is that the cybercriminals have made so much money through extortion that donating $20,000 is chump change to them.

“Altruism isn’t a common trait in criminal extortion gangs, so it’s difficult to take their motivations at their word,” Clements added. “Without outside verification, it’s very likely we’ll never really know the true reasons.”

Photo: Nilfanion/Wikimedia Commons