article featured image


As stated by Elliptic co-founder and chief scientist Tom Robinson in a blog post, in just 9 months of operations, at least $90 million in Bitcoin ransom payments were made to DarkSide, coming from 47 different wallets.

They gained around $10 million from that profit attacking chemical distribution organization Brenntag who paid a $4.4 million ransom and the largest fuel pipeline operator in the U.S who also paid $5 million in cryptocurrency.

The analysis organization notes that the DarkSide gang obtained a total of $17.5 million only in the past three months, which is around 20% of its known total gains.

According to DarkTracer, 99 companies have been affected by the DarkSide ransomware – indicating that about 47% of victims paid a ransom and that the average payment was $1.9 million.

The graph below reveals the complete value and number of ransom payments made to DarkSide over the past nine months. May was supposed to have the highest achievements, until DarkSide ceased its operations on May 13, and its Bitcoin wallet was emptied.

Value and number of ransom payments


DarkSide Ransomware operates under the form of a Ransomware-as-a-Service (RaaS), in which the gains are shared between its holders and partners, or affiliates, who allow access to companies and execute the ransomware. The DarkSide ransomware gang gets around 25% of a ransom payment, and the rest is taken by the affiliate who organized the assault.

Ransomware is a sort of malicious software that’s created to obstruct access to a computer system. DarkSide cybercriminals request a ransom payment — usually cryptocurrency in order to restore access.

Tom Robinson Elliptic’s co-founder and chief scientist stated:

To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound.

Blockchain analytics enterprise stated that DarkSide’s bitcoin wallet held $5.3 million worth of digital money before its cash was taken last week.

According to Elliptic, the DarkSide gang took $15.5 million of the $90 million total while its partners received $74.7 million. They also said that almost all the funds are now sent to crypto exchanges, where they can be changed into fiat money.


Hackers use Bitcoin in their criminal activity because those transacting with cryptocurrency don’t have to disclose their real identity. Nevertheless, the digital registry that supports it is public which means that researchers can trace where money is being sent.

While the DarkSide ransomware gang made a public show of disbanding last week after the increased investigation from U.S. law enforcement, many cybersecurity specialists were having doubts, saying that it is a usual practice for ransomware groups to shut down only to come back after a while having a new name.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.

Leave a Reply

Your email address will not be published. Required fields are marked *