The hackers who shut down Colonial Pipeline brought in over $90 million in bitcoin ransoms while in operation
- DarkSide brought in over $90 million through ransomware cyberattacks, according to new research.
- The group emptied its Bitcoin wallets on May 13 after national scrutiny.
- Elliptic tracked payments to the group's Bitcoin wallets to make the $90 million estimate.
DarkSide Ransomware, the group that mounted a cyberattack on the Colonial Pipeline earlier this month, has brought in over $90 million in bitcoin ransom payments over the course of its operation, according to new research from blockchain-analytics firm Elliptic.
Elliptic found that there were 47 bitcoin wallets - that is, digital cryptocurrency accounts belonging to distinct entities - that paid Bitcoin ransoms to the group of hackers. The total amount of the ransoms, paid in untraceable cryptocurrencies, was more than $90 million. The group became active in October 2020 and scaled up its operations in 2021.
DarkSide said it planned to disband following pressure from the US government and law enforcement officials, according to The Wall Street Journal.
DarkSide released a statement on Twitter shortly after the cyberattack saying that it is an "apolitical" group, and "our goal is to make money and not creating problems for society."
The group's bitcoin wallet was emptied on May 13, according to Elliptic, but not before Colonial Pipeline transferred nearly $5 million in cryptocurrency to the hackers.
After Colonial Pipeline sent the payment, DarkSide provided the company with a decryption tool to help get its systems online after the attack. However, Bloomberg reported that the tool worked too slowly and the company kept using existing backups to bring things back online.
The system was closed for six days as a result of the DarkSide attack. The pipeline supplies almost half of the fuel used on the East Coast. The company announced on Saturday, May 16 that the pipeline was back to full operations, although there were outages on Tuesday. The cause of the network issues on Tuesday was not immediately apparent.
Elliptic reported that affiliates of DarkSide split the funds from ransom payments with developers who worked on the actual malware. "The DarkSide developer has received bitcoins worth $15.5 million (17%), with the remaining $74.7 million (83%) going to the various affiliates," Elliptic reported, with the share for developers starting out at 25% and decreasing to 5% if the ransom amounts to over $5 million.
Ransomware attacks are on the rise in the US, with Temple University data cited by the Washington Post showing a record high of almost 400 attacks in 2020. The Washington Post reported that experts are concerned about the trend as hackers target cities, hospitals, and critical infrastructure this year.