LONDON, UK — According to fresh analysis, DarkSide, the hacker gang behind the recent Colonial Pipeline ransomware attack, collected $90 million in bitcoin ransom payments before shutting down last week.
Colonial Pipeline was targeted by a severe cyberattack earlier this month, forcing the business to shut down about 5,500 miles of pipeline in the US and paralyzing gas supply networks in the Southeast. The FBI attributed the attack to DarkSide, a cybercriminal ring based in Eastern Europe, to which Colonial is said to have paid a $5 million ransom.
DarkSide operates a business model known as “ransomware as a service,” in which the hackers create and promote ransomware tools, which they then sell to other criminals who use them to carry out attacks. Ransomware is a type of malicious software that encrypts data and prevents users from accessing it. In exchange for restoring access, the attackers demand a ransom payment – usually in bitcoin.
Elliptic, a blockchain analytics startup located in London, announced on Friday that it has discovered the bitcoin wallet used by DarkSide to collect extortion payments from its victims. DarkSide was shut down the same day, according to security researchers Intel 471, after losing access to its servers and having its cryptocurrency wallets emptied. According to a letter received by Intel 471, DarkSide also blamed “US pressure.”
Elliptic stated in a blog post on Tuesday that DarkSide and its associates received at least $90 million in bitcoin ransom payments from 47 victims in the last nine months. According to Elliptic, the average payment from organizations was roughly $1.9 million.
“To our knowledge, this study encompasses all payments made to DarkSide; nevertheless, additional transactions may be discovered, and the values provided should be considered a lower bound,” said Tom Robinson, co-founder and chief scientist of Elliptic.
Before its funds were taken last week, DarkSide’s bitcoin wallet contained $5.3 million in bitcoin, Elliptic reported. According to some reports, the US authorities may have seized this bitcoin.
According to Elliptic, $15.5 million went to DarkSide’s developer, while $74.7 million went to the gang’s affiliates. Elliptic also reported that the majority of the funds are being routed to crypto exchanges, where they may be converted into fiat currency.
Because those who transact in Bitcoin do not have to divulge their identities, it has earned a reputation for being used in illegal conduct. The digital ledger that underpins bitcoin, however, is open to the public, allowing researchers to track where funds are sent.
The ransomware attack on the Colonial Pipeline was one of a slew of ransomware strikes that made news last week. Toshiba’s European unit was attacked, with the attack blamed on DarkSide, while Ireland’s health service was also affected by ransomware. President Joe Biden signed an executive order on Wednesday aimed at bolstering the United States’ cybersecurity defenses.