DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups.
“In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” blockchain analytics firm Elliptic said. “According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
Of the total $90 million haul, DarkSide’s developer is believed to have received $15.5 million in bitcoin, while the remaining $74.7 million was split among its various affiliates. FireEye’s research into DarkSide’s affiliate program had previously revealed that its creators take a 25% cut for payments below $500,000 and 10% for ransoms above $5 million, with the lion’s share of the money going to the recruited partners.
Elliptic co-founder and chief scientist Dr. Tom Robinson said the “split of the ransom payment is very clear to see on the blockchain, with the different shares going to separate Bitcoin wallets controlled by the affiliate and developer.”
DarkSide, which went operational in August 2020, is just one of many groups that operated as a service provider for other threat actors, or “affiliates,” who used its ransomware to extort targets in exchange for a cut of the profits, but not before threatening to release the stolen data — a tactic known as double extortion.
But in a sudden turn of events, the prolific cybercrime cartel last week announced plans to wind up its Ransomware-as-a-Service (RaaS) affiliate program for good, claiming that its servers had been seized by law enforcement. Its bitcoin wallet was also emptied to an unknown account.
Colonial Pipeline paid 75 bitcoins ($4.4 million as of May 8) to restore access, the company’s CEO Joseph Blount told the Wall Street Journal.
The fallout from the biggest known cyberattack on the U.S. energy industry is only the latest example of how a spate of ransomware incidents is increasingly affecting the operations of critical infrastructure and posing a national security threat. The events have also turned the spotlight on implementing essential strategies to ensure vital functions remain operational in the event of a major cyber disruption.