A sign is seen at Colonial Pipeline Baltimore Delivery in Baltimore, Maryland on May 10, 2021. The US government declared a regional emergency on May 9, 2021 as the largest fuel pipeline system in the United States remained largely shut down, two days after a major ransomware attack was detected. The Colonial Pipeline Company ships gasoline and jet fuel from the Gulf Coast of Texas to the populous East Coast through 5,500 miles (8,850 kilometers) of pipeline, serving 50 million consumers. The company said it was the victim of a cybersecurity attack involving ransomware: malware that encrypts computer systems and demands payment from the operators for the decryption keys.
JIM WATSON/AFP via Getty Images
  • DarkSide brought in over $90 million through ransomware cyberattacks, according to new research.
  • The group emptied its Bitcoin wallets on May 13 after national scrutiny.
  • Elliptic tracked payments to the group's Bitcoin wallets to make the $90 million estimate.

DarkSide, the ransomware group that mounted the cyberattack on Colonial Pipeline earlier this month, has brought in over $90 million in bitcoin ransom payments over the course of its operation, according to new research from blockchain-analytics firm Elliptic.

Elliptic identified 47 distinct bitcoin wallets, that is, sets of addresses each under the control of a single victim, that paid ransoms to the group, for a combined total of more than $90 million. Although bitcoin is pseudonymous (addresses are not tied to names), it is not untraceable: every payment is recorded on the public blockchain, and it is precisely that record that allowed Elliptic to follow the funds and attribute them to DarkSide. The group became active in October 2020 and scaled up its operations in 2021.

DarkSide said it planned to disband following pressure from the US government and law enforcement officials, according to The Wall Street Journal.

DarkSide released a statement shortly after the cyberattack saying that it is an "apolitical" group and that "our goal is to make money and not creating problems for society."

The group's bitcoin wallet was emptied on May 13, according to Elliptic, but not before Colonial Pipeline had paid the hackers nearly $5 million in cryptocurrency.

After Colonial Pipeline sent the payment, DarkSide provided the company with a decryption tool to help bring its systems back online. However, Bloomberg reported that the tool ran so slowly that the company continued restoring from its own backups instead, a reminder that a purchased decryptor is no substitute for tested offline backups.

The pipeline was shut down for six days as a result of the DarkSide attack. It supplies almost half of the fuel used on the East Coast. The company announced on Saturday, May 15 that the pipeline was back to full operations, although further outages occurred on Tuesday; the cause of those network issues was not immediately apparent.

Elliptic reported that DarkSide operates on a ransomware-as-a-service model: affiliates who carry out the attacks split the ransom proceeds with the developers who build and maintain the malware. "The DarkSide developer has received bitcoins worth $15.5 million (17%), with the remaining $74.7 million (83%) going to the various affiliates," Elliptic reported, with the developers' share starting at 25% and decreasing to 5% when a ransom exceeds $5 million.

Ransomware attacks are on the rise in the US: Temple University data cited by The Washington Post shows a record high of almost 400 attacks in 2020, and the Post reported that experts are concerned about the trend as hackers target cities, hospitals, and critical infrastructure this year.

Read the original article on Business Insider