DarkSide, the hacker group behind the temporary shutdown of the Colonial Pipeline, received just over $90 million in bitcoin ransom payments from victims, according to new research.
Earlier this month, the Colonial Pipeline -- a 5,500-mile pipeline that supplies fuel to the East Coast of the U.S. -- was hit by a cyberattack, causing a system outage. The attack led to a shortage in fuel supplies, which led to crowds at gas stations and higher gas prices.
In a blog post, London-based blockchain analytics firm Elliptic said it identified the Bitcoin wallet used by the cybercriminals to collect ransom payments from victims.
“In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” Elliptic said. “According to DarkTracer, 99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
Colonial reportedly paid the Eastern European criminal gang $5 million.
‘Ransomware as a service’ business model
Last Monday, DarkSide issued a statement saying it didn’t intend to cause a disruption in the movement of fuel supplies. It operates a “ransomware as a service” business, meaning it developed the software used by the criminals that carried out the attack.
“We are apolitical, we do not participate in geopolitics,” the group said in the statement.
Nonetheless, security researchers said DarkSide and its affiliates netted at least $90 million in bitcoin ransom payments over the past nine months. The funds were extracted from 47 victims.
Elliptic said the average payment from organizations was around $1.9 million. Of the $90 million total figure, $15.5 million went to DarkSide’s developer and $74.7 million went to its affiliates. A majority of the funds are being sent to crypto exchanges where they can be swapped for other cryptocurrency assets or fiat money.
“To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound,” said Tom Robinson Elliptic’s co-founder and chief scientist.