LONDON – DarkSide, the hacking group behind the latest ransomware attack on the Colonial Pipeline, received a total of $90 million in Bitcoin ransom payments before it shut down last week, according to new research.
The Colonial Pipeline was hit by a devastating cyberattack earlier this month that forced the company to shut down approximately 5,500 miles of pipeline in the United States, paralyzing gas supply systems in the southeastern states. The FBI blamed DarkSide, an Eastern Europe-based cybercriminal group, for the attack, and Colonial reportedly paid the group a $5 million ransom.
DarkSide operates a so-called “Ransomware as a Service” business model, which means that the hackers develop and market ransomware tools and sell them to other criminals who then carry out attacks. Ransomware is a type of malicious software that blocks access to a computer system. Hackers demand a ransom payment – usually in cryptocurrency – in exchange for restoring access.
On Friday, London-based blockchain analytics firm Elliptic said it had identified the Bitcoin wallet that DarkSide uses to collect ransom payments from its victims. On the same day, security research firm Intel 471 said DarkSide was shut down after access to its servers was lost and cryptocurrency wallets were emptied. According to a communication from Intel 471, DarkSide also blamed “pressure from the USA.”
In a blog post on Tuesday, Elliptic said DarkSide and its affiliates had bagged at least $90 million in bitcoin ransom payments from 47 different cryptocurrency wallets. The average payment from organizations was likely $1.9 million, Elliptic said.
“To the best of our knowledge, this analysis covers all payments to DarkSide, but other transactions may be uncovered and the numbers here should be viewed as the floor,” said Elliptic’s co-founder and chief scientist Tom Robinson.
Elliptic said DarkSide’s Bitcoin wallet contained $5.3 million worth of digital currency before funds were depleted last week. There has been some speculation that this bitcoin had been seized by the US government.
Of the total of $90 million, $15.5 million went to the developer of DarkSide, while $74.7 million went to its affiliates, according to Elliptic. Most of the funds will be sent to crypto exchanges where they can be converted into fiat money, Elliptic said.
Bitcoin has gained a reputation for its use in criminal activity, as individuals who transact in the cryptocurrency are not required to reveal their identity. However, the digital ledger that Bitcoin is based on is public, so researchers can keep track of where funds are being sent.
The Colonial Pipeline hack was one of many ransomware attacks that hit the headlines last week. A division of the Japanese conglomerate Toshiba said its European entity had been hacked and blamed the attack on DarkSide, while Ireland’s health service was also hit by a ransomware attack. On Wednesday, President Joe Biden signed an executive order to strengthen US cybersecurity defenses.