DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, received a total of $90 million in bitcoin ransom payments before shutting down last week, according to fresh research, APA reports citing CNBC.
Colonial Pipeline was hit with a devastating cyberattack earlier this month that forced the company to shut down approximately 5,500 miles of pipeline, crippling gas delivery systems in southeastern states. The FBI blamed the attack on DarkSide, a cybercriminal gang believed to be based in Eastern Europe, and Colonial reportedly paid a $5 million ransom to the group.
DarkSide operates what’s known as a “ransomware as a service” business model, meaning the hackers develop and market ransomware tools and sell them to other criminals who then carry out attacks. Ransomware is a type of malicious software that’s designed to block access to a computer system. Hackers demand a ransom payment — typically cryptocurrency — in return for restoring access.
On Friday, London-based blockchain analytics firm Elliptic said it had identified the bitcoin wallet used by DarkSide to collect ransom payments from its victims. That same day, security researchers at Intel 471 said DarkSide had closed down after losing access to its servers and as its cryptocurrency wallets were emptied. DarkSide also blamed “pressure from the U.S.,” according to a note obtained by Intel 471.
In a new blog post Tuesday, Elliptic said DarkSide and its affiliates bagged at least $90 million in bitcoin ransom payments, originating from 47 distinct cryptocurrency wallets. The average payment from organizations was likely $1.9 million, Elliptic said.