DarkSide ransomware made $90 million in nine months


The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months.

Around 10% of the profit came in one week from attacking just two companies: Colonial Pipeline, the largest oil pipeline system in the United States, and Brenntag, a large chemical distribution company in Germany.

Blockchain analysis company Elliptic analyzed ransom payments made to DarkSide from 47 distinct Bitcoin wallets. The total transactions came to more than $90 million since October 2020.

Assuming that all of these are payments which the ransomware group obtained from its victims, it is estimated that the average ransom would be $1.9 million, making the gang one of the greediest in the ransomware business.

According to a report, dark web intelligence service DarkTracer counts 99 DarkSide victims, though the number may be slightly higher.

Managed Detection and Response (MDR) service provider eSentire posted a blog on May 12, a day before DarkSide operations closed, stating that 59 victims were listed on the gang’s leak site, which would add to the 47 associated with the Bitcoin wallets that Elliptic analyzed.

DarkSide, which was launched in August 2020, became a productive actor on the ransomware scene and saw a significant surge in profits.

Attacks on Colonial Pipeline and Brenntag chemical distribution company gained the cybercriminals about $10 million, as the former paid nearly $5 million and the latter paid a $4.4 million ransom.

As DarkSide ran as a ransomware-as-a-service (RaaS) operation, its profits were split between the developers of the malware and the affiliates that breached victim networks, stole data, and deployed the file-encrypting malware.

Affiliates, or partners, usually get a huge share of the money as most of the work is done by them. In the case of DarkSide, they got between 75% and 90% of the profit, depending on the size of the ransom.

For ransoms smaller than $500,000, the DarkSide developers would take 25%; the share decreased to 10% for larger payments of more than $5 million.

Image Credits: Elliptic

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News
