Blockchain analysis firm Elliptic has discovered that the DarkSide ransomware variant has made an estimated $90m in ransom payments since October 2020.
According to Security Affairs, the report allowed Elliptic to follow the ransom payments and determine how the hackers cashed out the funds. It was found that the DarkSide team used Bitcoin wallets to receive payments, with the average payment coming to $1.9m.
DarkSide used a ransomware-as-a-service model in which the development team kept 25% of paid ransoms, with this percentage decreasing by 15% if the ransom was larger than $5m. Elliptic speculated that the DarkSide group made around $15.5m from hacks, with the rest of the paid ransoms, approximately $74.7m, transferred to wallets used by its affiliates.
The report read, “In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets. According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
DarkSide recently hit the news when its team of hackers brought operations at the Colonial Pipeline to a halt after the attack affected some of the pipeline’s IT systems. The ransomware team then went on to demand a ransom payment of $4.4m from Colonial, which was paid in full.
A day after the attack, the FBI declared that DarkSide was behind the hack. A private advisory to US companies by the FBI highlighted that the bureau had been tracking DarkSide since October of last year.
The story was brought to something of an end earlier this week, when Bleeping Computer reported that DarkSide had shut down. A message sent by associates of the ransomware variant cited pressure from the US government and the loss of access to their servers as the main reasons for the closure.
Copyright © 2021 FinTech Global