DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin ransom payments over a nine-month ransomware spree, making it one of the most profitable cybercrime groups.
"In total, just over $90 million in bitcoin ransom payments have been made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said. "According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million."
Of the total $90 million haul, DarkSide's developer is said to have received $15.5 million in bitcoin, while the remaining $74.7 million was split among its various affiliates. FireEye's analysis of DarkSide's affiliate program had previously revealed that its creators take a 25% cut for ransom payments under $500,000 and 10% for ransoms above $5 million, with the lion's share of the money going to the recruited partners.
Elliptic co-founder and chief scientist Dr. Tom Robinson said the "split of the ransom payment is very clear to see on the blockchain, with the different shares going to separate Bitcoin wallets controlled by the affiliate and developer."
DarkSide, which went operational in August 2020, is just one of many groups that operated as a service provider for other threat actors, or "affiliates," who used its ransomware to extort targets in exchange for a cut of the proceeds, but not before threatening to leak the stolen data, a tactic known as double extortion.
However, in a sudden turn of events, the prolific cybercrime cartel last week announced plans to wind up its Ransomware-as-a-Service (RaaS) affiliate program for good, claiming that its servers had been seized by law enforcement. Its bitcoin wallet was also emptied to an unknown account.
The fallout from the largest known cyberattack on the U.S. energy industry is just the latest example of how a spate of ransomware incidents is increasingly affecting the operations of critical infrastructure and growing into a national security threat. The events have also turned the spotlight on implementing essential strategies to ensure that critical functions remain operational in the event of a significant cyber disruption.