(PatriotWise.com)- DarkSide, the hacker group that targeted Colonial Pipeline earlier this month, has shut down its operations, but not before raking in a total of $90 million in bitcoin on its way out.
DarkSide uses what is known as a “ransomware as a service” business model. Hackers develop and market ransomware tools and sell them to other criminals, who then carry out attacks. The ransomware is designed to block access to computer systems, which is restored only after a ransom is paid.
The cybercriminal gang, purportedly operating out of Eastern Europe, was identified by the FBI as the culprit of the cyberattack that shut down nearly 5,500 miles of Colonial’s pipeline system two weeks ago. The shutdown cut off fuel supplies all along the Southeastern US and created a cascade of panic buying throughout the nation.
After reportedly refusing to pay the ransom, Colonial Pipeline finally relented and paid DarkSide. On Wednesday, May 19, CEO Joseph Blount confirmed that he authorized the $4.4 million bitcoin ransom payment.
Last Friday, a London-based blockchain analytics firm, Elliptic, reportedly identified the bitcoin wallet being used by DarkSide to collect the ransom payments from its victims. On that same day, after losing access to its servers, DarkSide drained its cryptocurrency wallets and shut down.
According to Intel 471 security researchers, DarkSide also blamed “pressure from the US” for ceasing operations.
Elliptic reported on Tuesday that DarkSide and its affiliates boasted that, in total, they had extracted at least $90 million in bitcoin ransom payments from 47 separate victims over the last nine months.
In addition to Colonial Pipeline, DarkSide allegedly extracted ransom payments from the Japanese conglomerate Toshiba’s European unit as well as Ireland’s health service.
And $90 million is just the amount currently known. According to Tom Robinson, Elliptic’s co-founder and chief scientist, further transactions may still be uncovered, and it is likely the true amount will be much higher.
In the wake of the attack on Colonial Pipeline, President Biden signed an executive order on May 12 aimed at strengthening US cyber defenses.