Elliptic, a London-based blockchain analytics firm, identified the Bitcoin wallet used by the ransomware group responsible for the Colonial Pipeline attack, along with the amount it extorted. According to Elliptic's report, the DarkSide ransomware gang received a ransom payment of 75 Bitcoin, roughly $5 million, from Colonial Pipeline following the cyberattack on its operations on May 8. The attack on Colonial Pipeline led to widespread fuel shortages and has been the most damaging cyberattack on U.S. critical infrastructure to date. The FBI and security researchers first observed the DarkSide ransomware operation in August 2020; nearly nine months later, in May 2021, they confirmed DarkSide's involvement in the Colonial Pipeline attack.
In total, just over $90 million in Bitcoin was paid to DarkSide from 47 distinct wallets. According to DarkTracer, 99 organizations have been attacked with the DarkSide malware, and those that paid have so far handed over an average of $1.9 million in ransom. Besides targeting only large companies, DarkSide specifically forbids its affiliates from deploying the ransomware against organizations in a range of sectors, including healthcare, funeral services, education, the public sector, and non-profits.
Elliptic also identified a ransom payment of about $4.4 million made by Brenntag, a large chemical distributor based in Germany. According to Elliptic, the group's wallet has been active since March 4, 2021, and has received 57 payments from 21 different wallets. DarkSide, like a number of other ransomware groups, operates under the ransomware-as-a-service model, in which the malware's developers effectively outsource the actual intrusion and infection of a target to affiliates and split the ransom with them.
Since then, the practice has democratized ransomware, allowing less experienced cybercriminals a chance to scam the system without technical knowledge. “In this operating model, the malware is created by the ransomware developer, while the ransomware affiliate is responsible for infecting the target computer system and negotiating the ransom payment with the victim organization. This new business model has revolutionized ransomware, opening it up to those who do not have the technical capability to create malware but are willing and able to infiltrate a target organization,” Elliptic said.