Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Firm tracked DarkSide gang ransomware payments and the massive sums paid

Blockchain analytics group tracked 75 BTC payment made by Colonial Pipeline after cyberattack

An analytics firm identified the bitcoin wallet used by the ransomware group behind the Colonial Pipeline attack and the massive payments received from victims.

The gang’s wallet received a 75 BTC (bitcoin) payment, or roughly $5 million, made by Colonial Pipeline on May 8 following the cyberattack on its operations, according to a report from blockchain analytics firm Elliptic.

The Colonial Pipeline shutdown led to widespread fuel shortages in the U.S. and has been described as the worst cyberattack on critical U.S. infrastructure to date. DarkSide, which the FBI confirmed as being behind the attacks, is believed to have originated in Eastern Europe, likely Russia. The group’s ransomware was first spotted in August 2020.

Motorists use gas pumps at a refueling station on May 12, 2021 in Benson, North Carolina. Most stations in the area along I-95 were without fuel following the Colonial Pipeline hack.  (Sean Rayford/Getty Images)

MAJOR INSURANCE COMPANY REVEALS IT PAID $40M RANSOM AFTER CYBERATTACK

The firm also tracked a ransomware bitcoin payment made by Brenntag, a large chemical distribution company in Germany, totaling roughly $ 4.4 million.

The group’s wallet has been active since March 4, 2021, and has received 57 payments from 21 different wallets, according to Elliptic.

In total, the DarkSide wallet received Bitcoin transactions since March totaling $17.5 million, Elliptic said. The firm said the majority of the payment was moved out the wallet on May 9.  

A portion of the payments was sent to a small group of exchanges. One exchange was identified as Hydra, “the world’s largest darknet marketplace, servicing customers in Russia and neighboring countries,” according to Elliptic.

Hydra offers “cash-out services” along with narcotics, hacking tools and fake IDs, the report said.

“These allow Bitcoin to be converted into gift vouchers, prepaid debit cards or cash Rubles. If you’re a Russian cybercriminal and you want to cash-out your crypto, then Hydra is an attractive option,” Elliptic said.

Massive payments

DarkSide, which has since claimed it would cease operations, brought in a cool $90 million in just nine months from an estimated 47 victims, according to another report from Elliptic.

So far, 99 organizations have been infected with the DarkSide ransomware, “suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million,” Elliptic said, citing a tweet by DarkTracer.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

Because of the large sums paid out by victims, ransomware has evolved into a big business that mirrors traditional business models.

Advertisement. Scroll to continue reading.

DarkSide is a prime example of Ransomware as a Service (RaaS), Elliptic said, echoing longstanding legitimate models such as SaaS or Software as a Service.

“In this operating model, the malware is created by the ransomware developer, while the ransomware affiliate is responsible for infecting the target computer system and negotiating the ransom payment with the victim organization,” Elliptic said.

“This new business model has revolutionized ransomware, opening it up to those who do not have the technical capability to create malware, but are willing and able to infiltrate a target organization,” according to the analytics firm.

Source: https://www.foxbusiness.com/technology/firm-tracked-darkside-gang-ransomware-payments-and-the-massive-sums-paid?web_view=true

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering a ransomware attack in...

Cyber Security

Using a vulnerability in MOVEit Transfer, hackers gained access to 8 to 11 million individuals’ ‘Users Data’ protected health information. Maximus, a US government contracting...

Cyber Security

Security researchers have dissected a recently emerged ransomware strain named ‘Big Head’ that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word...

Cyber Security

A cybersecurity advisory issued Wednesday said that a major ransomware group had successfully exploited a previously unknown vulnerability in Progress Software’s MOVEit software. The...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO