A new report from blockchain analytics company Elliptic has revealed the DarkSide ransomware gang, which attacked the Colonial Pipeline, received $90 million in Bitcoin from an estimated 47 victims.
Elliptic joint founder and chief scientist Tom Robinson said in a blog post the $90 million in ransom payments came from 47 separate wallets over the past nine months, meaning that nearly half of DarkSide's victims paid a ransom. According to DarkTracer data, at least 99 organizations have reported being targeted by the criminal group.
Colonial Pipeline was hit by a cyberattack earlier this month, forcing the company to shut down nearly 5,500 miles of pipeline, crippling gas distribution in the Southeast.
The FBI blamed the attack on DarkSide, a cybercriminal organization based in Eastern Europe, and Colonial reportedly paid the group a $5 million ransom.
DarkSide follows a "ransomware as a service" business model, which means that the hackers create and market ransomware tools, which they then sell to other criminals who carry out attacks.
Ransomware is a type of malicious software designed to prevent users from accessing a computer system. In exchange for restoring access, hackers demand a ransom payment - usually in cryptocurrency.
According to Elliptic's research, DarkSide's developers also created a comprehensive system for how ransoms are divided.
DarkSide and other ransomware groups pioneered the ransomware-as-a-service model, in which malware developers would effectively outsource the actual hacking and infecting of a target and then split the resulting ransom. The activity has democratized ransomware use, allowing less skilled cybercriminals to participate in the scheme without any technological knowledge.
Robinson reported the developers of DarkSide take a 25% cut of all ransoms less than $500,000 and a 10% cut of ransoms greater than $5 million. He said it was clear how the ransoms were distributed among various Bitcoin wallets on the blockchain.
The analyst added that the "developer" behind DarkSide has received at least $15.5 million, with the remaining $74.7 million going to subcontractors or affiliates.
According to the figures, victims of the gang paid an average of $1.9 million in ransoms, with the highest occurring in February. The group reportedly took in more than $20 million in Bitcoin that month and was on track to break their previous record in May before shutting down their operations in response to the uproar over the Colonial attack.
The Colonial Pipeline hack was only one of many ransomware attacks that made headlines last week. President Joe Biden signed an executive order aimed at improving the nations' cybersecurity defenses Wednesday.
