DarkSide Ransomware Gang Made $90 Million in Bitcoin Ransom Payments from 47 Victims, a New Study Shows
The Gang Ceased Its Operations Last Week After Its Bitcoin Wallet Was Emptied.
As stated by Elliptic co-founder and chief scientist Tom Robinson in a blog post, in just 9 months of operations, at least $90 million in Bitcoin ransom payments were made to DarkSide, coming from 47 different wallets.
They gained around $10 million from that profit attacking chemical distribution organization Brenntag who paid a $4.4 million ransom and the largest fuel pipeline operator in the U.S who also paid $5 million in cryptocurrency.
The analysis organization notes that the DarkSide gang obtained a total of $17.5 million only in the past three months, which is around 20% of its known total gains.
According to DarkTracer, 99 companies have been affected by the DarkSide ransomware – indicating that about 47% of victims paid a ransom and that the average payment was $1.9 million.
The graph below reveals the complete value and number of ransom payments made to DarkSide over the past nine months. May was supposed to have the highest achievements, until DarkSide ceased its operations on May 13, and its Bitcoin wallet was emptied.
DarkSide Ransomware operates under the form of a Ransomware-as-a-Service (RaaS), in which the gains are shared between its holders and partners, or affiliates, who allow access to companies and execute the ransomware. The DarkSide ransomware gang gets around 25% of a ransom payment, and the rest is taken by the affiliate who organized the assault.
Ransomware is a sort of malicious software that’s created to obstruct access to a computer system. DarkSide cybercriminals request a ransom payment — usually cryptocurrency in order to restore access.
Tom Robinson Elliptic’s co-founder and chief scientist stated:
To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound.
Blockchain analytics enterprise stated that DarkSide’s bitcoin wallet held $5.3 million worth of digital money before its cash was taken last week.
According to Elliptic, the DarkSide gang took $15.5 million of the $90 million total while its partners received $74.7 million. They also said that almost all the funds are now sent to crypto exchanges, where they can be changed into fiat money.
Hackers use Bitcoin in their criminal activity because those transacting with cryptocurrency don’t have to disclose their real identity. Nevertheless, the digital registry that supports it is public which means that researchers can trace where money is being sent.
While the DarkSide ransomware gang made a public show of disbanding last week after the increased investigation from U.S. law enforcement, many cybersecurity specialists were having doubts, saying that it is a usual practice for ransomware groups to shut down only to come back after a while having a new name.