DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, received a total of $90 million in bitcoin ransom payments before shutting down last week, according to new research.
Colonial Pipeline was hit with a devastating cyberattack earlier this month that forced the company to shut down approximately 5,500 miles of pipeline in the United States, crippling gas delivery systems in Southeastern states. The FBI blamed the attack on DarkSide, a cybercriminal gang believed to be based in Eastern Europe, and Colonial reportedly paid a $5 million ransom to the group.
In a blog post Tuesday, Elliptic said DarkSide and its affiliates bagged at least $90 million in bitcoin ransom payments over the past nine months from 47 victims. The average payment from organizations was likely $1.9 million, Elliptic said.
Of the $90 million total haul, $15.5 million went to DarkSide’s developer while $74.7 million went to its affiliates, according to Elliptic. The majority of the funds are being sent to crypto exchanges, where they can be converted into fiat money, Elliptic said.