Darkside, a Russian hacker group known to have masterminded several high-profile ransomware attacks, including the Colonial Pipeline attack, has reaped $90 million in Bitcoin from 47 people. This means its victims paid a ransom averaging $1.9 million in Bitcoin, as reported by Elliptic.
A report published by DarkTracer, a criminal intelligence platform, revealed that 99 organizations had been hit by the Darkside malware as of Monday.
As with any other attack, Darkside takes advantage of the negligence of web users, as well as email, SMS, and gaming platform users, to phish its targets. Once the attackers gain access to the computers, they shut down the system, mostly by encrypting the files, and agree to release the decryption key once a ransom payment is made in Bitcoin. Since its discovery in August 2020, Darkside has affected organizations across different industries in more than 15 countries.
Darkside works with partners and shares Bitcoin profits
A close examination of its operation reveals that the Darkside developers work with partners who provide access to targeted organizations. Profits made in Bitcoin are shared among all the participants. Based on advertisements spotted in various forums, Darkside takes a 25 percent cut in an operation that involves a ransom of less than $500,000.
The report estimates that Darkside has as much as $15.5 billion in ransom, though some of the transactions are yet to be uncovered, according to Tom Robinson, the co-founder and chief scientist at Elliptic.
"To our knowledge, this analysis includes all payments made to Darkside, however further transactions may yet be uncovered, and the figures here should be considered a lower bound."
The majority of the obtained Bitcoin is sent to crypto exchanges to be exchanged for other digital assets before finally being converted into fiat.
Darkside’s most recent victim is Colonial Pipeline. The company transports 100 million gallons of gasoline, diesel, jet fuel, and heating oil per day. This is about 45 percent of the fuel consumed between the Gulf Coast and the New York Metro Area. The company paid a ransom of roughly $5 million before coming back online on 12 May.
Cryptocurrency hacks and thefts have been on the rise in recent years, with a report published by Trading Platforms UK estimating that the amount of cryptocurrency stolen surged by 38.8 percent, from $370.7 million to $513 million, between 2019 and 2020.
Darkside to cease operation
The hacker group has announced it will halt operations after its cryptocurrency account was drained and its web server seized. Also, decryption tools will be released to infected companies that have yet to meet the group's ransom demands. It is speculated that Darkside is facing pressure from law enforcement agencies.
In a statement, the group said:
"In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck… The landing page, servers, and other resources will be taken down within 48 hours."