The DarkSide ransomware group, which is thought to be behind the attack on the Colonial Pipeline, has made over $90 million in Bitcoin from 47 victims.
According to cyber security firm Elliptic’s co-founder and chief scientist Tom Robinson, victims made just over $90 million in Bitcoin ransom payments to DarkSide, originating from 47 distinct wallets. According to DarkTracer, DarkSide ransomware has infected 99 companies, which suggests that close to 47% of victims paid a ransom, and the average payment was $1.9 million.
“To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound,” said Robinson.
Cyber criminal gangs such as DarkSide have established a ransomware-as-a-service business model where they develop the malware but let other hackers breach victims. DarkSide then splits the proceeds between themselves and their affiliates.
In DarkSide’s case, the developer reportedly takes 25% for ransoms less than $500,000, but this decreases to 10% for ransoms greater than $5 million.
Blockchain analysis makes this revenue split clear, with the different shares going to separate Bitcoin wallets controlled by the affiliate and developer.
Robinson said the DarkSide developer has received Bitcoins worth $15.5 million (17%), with the remaining $74.7 million (83%) going to the various affiliates.
Further analysis allowed the company to see where the cryptocurrency was being spent or exchanged. Most of the funds were sent to cryptoasset exchanges, where they can be swapped for other cryptoassets or fiat currency, said Robinson.
Robinson said that most cryptoasset exchanges comply with anti-money laundering (AML) regulations, verifying customers’ identity and reporting suspicious activity, such as ransomware proceeds.
“However, some jurisdictions do not enforce these regulations, and it is to exchanges in these locations that much of the DarkSide ransomware proceeds are being sent,” said Robinson.
The DarkSide ransomware group, thought to be based in Eastern Europe or Russia, has recently disbanded after further investigations by US law enforcement. An email to DarkSide’s affiliates stated that it was shutting up shop “due to the pressure from the US.”
However, many criminal gangs have said they are disbanding only to show up again months later under a new name.