The ransomware gang DarkSide is believed to have received over $90 million in Bitcoin ransom payments from 47 different victims before shutting down, according to a report from Elliptic, a U.K.-based blockchain analytics firm.
DarkSide is the ransomware group thought to be behind the attack on Colonial Pipeline on May 7, which saw the company shut down its major pipeline supplying nearly half of the East Coast's fuel. In the end, Colonial Pipeline is said to have paid DarkSide $5 million in ransom.
Elliptic's new report detailed how its team examined all the Bitcoin wallets DarkSide used over the past nine months, using the company's blockchain analysis platform and open-source intelligence.
The team believes its analysis covers all of the ransomware group's payments; however, there could be other, unknown payments that took place.
It looks like Colonial Pipeline wasn't the group's first target, as 99 organizations had reportedly been infected with DarkSide malware. Ultimately, the hackers received over $90 million in Bitcoin in total. As Elliptic's report points out, some 47 percent of the targeted companies paid a ransom, approximately $1.9 million each on average.
After that, it looks like DarkSide shut down its operations on May 13, emptying out its Bitcoin wallet at the same time.
Ransomware as a Service
Unfortunately, DarkSide is just one example of a group operating under the Ransomware as a Service (RaaS) model. And as people who make transactions with cryptocurrencies such as Bitcoin can remain more anonymous than those who transfer traditional money, it's easy to see why ransomware gangs like DarkSide would turn to such methods when looking for ransom payments.
Just last week, for instance, the Irish Health Service shut down as it faced a ransomware attack on May 14. That same week, on May 12, the Washington D.C. Police Force was also targeted by a ransomware attack.
Still, because the blockchain, the digital ledger where bitcoin is stored, is public and can be linked back to specific users, it can help trace who was part of the transactions, hence Elliptic's intricate method of finding out DarkSide's Bitcoin activities.
As hacker groups and cryptocurrencies keep improving the way they work, so too must the technologies stay up to date to preempt any malicious attacks.