The cybercriminal gang managed to earn huge income following major attacks on the U.S. pipeline industry

May 20, 2021 10:33 GMT

The cybercriminal group known as DarkSide received about $90 million in Bitcoin after launching a massive ransomware attack on the pipeline industry.

FireEye's previous investigation into DarkSide's affiliate scheme found that its developers took a 25% cut for payments under $500,000 and a 10% cut for ransoms above $5 million, with the lion's share of the money going to the recruited partners.

"In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets," blockchain analytics firm Elliptic said.

According to DarkTracer, “99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million”.

Dr. Tom Robinson, Elliptic co-founder and chief scientist stated that the "split of the ransom payment is very clear to see on the blockchain, with the different shares going to separate Bitcoin wallets controlled by the affiliate and developer".

DarkSide, a cybercriminal group that launched in August 2020, is one of the gangs that operated as a service provider for other threat actors, or affiliates, who used its ransomware to extort targets in return for a share of the profits. Before demanding payment, they also threatened to release the stolen data, a technique known as double extortion.

DarkSide allegedly terminated its RaaS operation

In an unexpected turn of events, the prolific cybercrime gang announced last week that it would be discontinuing its Ransomware-as-a-Service (RaaS) affiliate program permanently, saying that its servers had been seized by law enforcement. Its bitcoin wallet was also drained and the funds transferred to an undisclosed account.

The aftermath of the largest documented cyberattack on the US energy sector is just the most recent example of how a rash of ransomware attacks is rapidly disrupting critical infrastructure operations and posing a national security threat.

The incidents have also focused attention on the implementation of necessary strategies to ensure sensitive functions remain operational in the event of a major cyber disruption.