Hacker Group DarkSide Has Raked In Over $90 Million In Bitcoin Ransom Payments

hacking group darkside has recieved over 90 million in bitcoin ransom payments
Over the past two weeks, Colonial Pipeline has been battling a ransomware attack that crippled fuel flow to the eastern seaboard. This was supposedly not intended to be as catastrophic as it was, but the hacking group behind the attack, DarkSide, has quite a bit of experience in ransomware. The group has reportedly extracted approximately $90 million in Bitcoin from 47 different cryptocurrency wallets, with many more victims opting not to pay the ransom.

Ransomware is becoming a highly profitable business model for hackers, and even more so when “Ransomware as a Service” (RaaS) is implemented. DarkSide is an example of this model, wherein there is a ransomware developer who oversees the malware creation and an affiliate that oversees infecting the target. Any ransom payment made, generally using Bitcoin, is then split between the two with a predefined rate.

ransom payments hacking group darkside has recieved over 90 million in bitcoin ransom payments
Ransomware Payments To DarkSide Since 2020 (Courtesy Of Elliptic)

The Colonial Pipeline attack that led to severe pipeline downtime also led to a 75 Bitcoin ransom payment made to the attackers to expedite the recovery process. Blockchain analysis and financial services company Elliptic followed the path of this Bitcoin ransom back to the hackers and managed to find some interesting information. Dr. Tom Robinson, Elliptic co-founder and chief scientist, reports that “just over $90 million in Bitcoin ransom payments were made to DarkSide.” However, it is believed that further transactions have yet to be found, so “the figures here should be considered a lower bound.”

ransom splits hacking group darkside has recieved over 90 million in bitcoin ransom payments
Ransomware Fund Split (Courtesy Of Elliptic)

In any case, much of the funds sent over several months to DarkSide went to affiliates, while only 17.2% went to the DarkSide developer. From there, the funds are sent around to different wallets or sent to cryptocurrency exchanges, where they are swapped out for other digital currencies or fiat money. While there are regulations to prevent things like this from happening, it is not enforced in some places that allow the money to easily disappear.

Hopefully, if this level of tracing can be done on cryptocurrency transactions, it will become easier to persecute those who attack companies with ransomware. This problem needs to be halted and tracking down and punishing those behind it is a surefire way to do it. Whatever ends up happening, let us know what you think of tracking down the hackers behind ransomware in the comments below.