Barely a week after it was revealed that Colonial Pipeline had paid $5 million as ransom to hacker group DarkSide, a new angle to the story has come to light.
The ransomware group, which was responsible for the shutdown of the United States’ largest pipeline, has reportedly received ransom payments worth at least $90 million, all of it in Bitcoin. The payments were made by many other victims who had fallen prey to DarkSide’s ransomware before the group allegedly disbanded last week.
Bitcoin Wallet to Store the Ransom
Elliptic, a London-based blockchain analytics firm, has revealed that it has identified a Bitcoin wallet that was apparently being used by DarkSide (which, they believe, is located somewhere near Eastern Europe). The wallet was used to collect Bitcoin payments from victims, one of which was Colonial Pipeline.
The wallet had reportedly been active for at least the past 9 months, during which the hackers received more than $90 million in payments from around 47 victims. The average payment was around $1.9 million.
Around 99 Companies Affected
The group is also known for offering ransomware as a service, a business model in which it supplies the malware to other cyber criminals. Around 99 organizations were identified as having fallen prey to the group’s tactics. Out of the $90 million, $74.7 million went to the group’s affiliates, while $15.5 million was left for the developers.
Elliptic co-founder and Chief Data Scientist Tom Robinson weighed in on the issue, saying, “To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a low bound.”
With news coming to light that DarkSide was the group behind the Colonial Pipeline shutdown, President Joe Biden’s thoughts that the hackers had in fact been located in Russia (but not in partnership with the Russian government) were put to rest.