DarkSide Gang Retires After Extorting more than $90m
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently released alerts concerning ransomware attacks affecting a critical infrastructure (CI) entity—a pipeline company—in the United States. Malicious cyber actors deployed DarkSide ransomware against the pipeline company’s information technology (IT) network.
Those alerts can be referenced here:
Joint CISA-FBI Cybersecurity Advisory on DarkSide Ransomware
Alert (AA21-131A) DarkSide Ransomware: Best Practices for Preventing Business Disruption from Ransomware Attacks
To help you understand DarkSide a little better, we encourage you to watch this video by Kevin Gergely from Tech Formality, as he does a great job digging into DarkSide Ransomware and the Malicious Attack That Halted Colonial Pipeline
The ransomware gang DarkSide extorted more than $90m in Bitcoin before allegedly disbanding its illegal operation, according to new research.
Analysts at London-based blockchain analytics firm Elliptic said in a report published Tuesday that they had discovered a now empty digital wallet that had contained the proceeds of ransomware attacks engineered by the cyber-criminal gang.
“In total, just over $90m in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” wrote Elliptic’s co-founder and chief scientist, Dr. Tom Robinson.
“According to DarkTracer, 99 organizations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9m.”
DarkSide has appeared in the news numerous times for its cyber-attacks, but the gang achieved real infamy earlier this month when it crippled America’s Colonial Pipeline with ransomware. From this exploit, which triggered panic buying and fuel shortages along the East Coast, the gang reportedly netted $5m.
Elliptic researchers report that DarkSide’s virtual wallet received a ransom payment of 75 Bitcoin from Colonial Pipeline.
The gang shut down its site on the dark web on May 13. Researchers at cybercrime intelligence provider Intel 471 reported that DarkSide had told its hacking partners who use the gang’s “ransomware-as-a-service” tools to launch cyber-attacks that sales of its software and released services have ceased.
Before closing its digital doors, DarkSide appeared to be on track to achieve its most profitable month of the last three quarters.
Elliptic researchers found that since October 2020, February had seen the gang collect its biggest Bitcoin haul of more than $20m. May’s earnings were close to $15m before DarkSide went dark.
Researchers noted that money extorted by the gang was divided up between those that had developed the ransomware (developers) and those who successfully deployed it (affiliates).
“In the case of DarkSide, the developer reportedly takes 25% for ransoms less than $500,000, but this decreases to 10% for ransoms greater than $5m,” they wrote.
“This split of the ransom payment is very clear to see on the blockchain, with the different shares going to separate Bitcoin wallets controlled by the affiliate and developer.”
Elliptic said that the DarkSide developer received a total of $15.5m in Bitcoin.