DarkSide, the group responsible for the cyberattack on Colonial Pipeline, allegedly received over $90 million in Bitcoin from 47 victims before being forced to close last week, according to blockchain analytics firm Elliptic.
Nearly 99 organizations were infected with DarkSide malware, which could mean that nearly 47 percent of victims paid a ransom to regain control of their data, Elliptic said in a blog. The average payout per victim would have been around $1.9 million, the company estimates.
“We can track ransom payments and see where Bitcoins are spent or traded. What we have found is that most of the funds are sent to crypto-asset exchanges, where they can be exchanged for other crypto-assets or fiat currency,” said Tom Robinson, co-founder and head of Elliptic.
Not all exchanges are properly regulated
Most cryptocurrency exchanges comply with anti-money laundering regulations and verify the identity of their customers, often reporting any suspicious activity. These exchanges also use blockchain-based analytics tools to check customer deposits for links to illegal activities such as ransomware.
"However, some jurisdictions do not enforce these regulations," and the proceeds of DarkSide's ransomware have been sent to those exchanges, Robinson said.
DarkSide, which made its first appearance last August, said it is shutting down due to "pressure" from the US government and after losing control over its operations and money.
It also ran an affiliate program to help other hacker groups in their infiltration attempts. The ransom amounts paid by the victims are shared between DarkSide and its affiliates.
"The developer [of DarkSide] reportedly gets 25% of ransoms under $500,000, but that drops to 10% for ransoms over $5 million," Robinson said.
“This breakdown of the ransom payment is very clear to see on the blockchain, as the different transactions that separate affiliate- and developer-controlled Bitcoin wallets are clearly visible. In total, the DarkSide developer received Bitcoin worth $15.5 million [17 percent]. The remaining $74.7 million [83 percent] went to the various affiliates.”
Colonial paid a very high ransom
DarkSide follows the ransomware-as-a-service model, which means that it sells or leases ransomware to others to carry out attacks. The group also runs a help desk to organize negotiations with the victims and gather information on their targets.
Colonial paid about $5 million to hackers last Friday to regain control of its systems, according to Bloomberg. In previous reports, the company had said it did not intend to pay any ransom.