DarkSide Ransomware Scored Ransom from About Half of Its 47 Victims
The cybercriminals behind DarkSide Ransomware just had one of their most profitable months before going offline. The DarkSide ransomware gang is behind the ransomware used in the crippling Colonial Pipeline cyber attack.
Just last week DarkSide attacked US refined fuel transporter, Colonial Pipeline Co. The cybercriminals compromised Colonial Pipeline’s IT network and held it for ransom for almost a week.
Now it appears that DarkSide developers have lost control of their own servers due to law enforcement action that took them down.
It was one of the worst cyberattacks on any US critical infrastructure.
“A few hours ago, we lost access to the public part of our infrastructure, namely : Blog, Payment server, DOS servers,” reads the forum post from UNKN reported on Bleeping Computer.
After five days, Colonial Pipeline Co. gave in and paid DarkSide their bounty to return their systems to normal.
Cyber security researchers at Elliptic identified the Bitcoin wallet used by DarkSide to receive payment for the Colonial Pipeline ransomware attack.
“Elliptic has identified the Bitcoin wallet used by the DarkSide ransomware group to receive ransom payments from its victims, based on our intelligence collection and analysis of blockchain transactions. This wallet received the 75 BTC payment (worth $4.4 million at the time of the transaction) made by Colonial Pipeline on May 8,” says Elliptic.
Colonial also admits to paying the ransom to restore their systems.
It is believed that DarkSide netted 75 Bitcoin (About $5M USD) from Colonial Pipeline ransomware attack.
DarkSide ransomware is a “ransomware-as-a-service” (RAS) malware. The developers behind the ransomware allow other hackers to use the malicious computer code to attack targets. The service works as a developer-affiliate payment model. Hackers who carry out successful cyber attacks and net a ransom from the victims must give 25% of their bounty to the ransomware developers.
It’s the ransomware gift that keeps on giving.
Elliptical tracked down all the payments made to various DarkSide wallets to accept money from other attacks that used their RAS model.
DarkSide’s virtual wallet received a ransom payment of 75 Bitcoin from Colonial Pipeline. The wallet had received 57 payments from 21 other digital wallets. According to Elliptic some of the amounts match other known ransomware payments made by corporations.
“In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” says Elliptic.
Although it’s rumored the law enforcement seized some of DarkSide’s Bitcoin, they probably did not get all of it. Some money was moved out of the Bitcoin wallet before the feds moved in
