Elliptic (a British blockchain security and analytics company) successfully traced DarkSide's primary Bitcoin address, which had received over $90M in ransom payments from 47 different victims.
Ransomware As a Service – a Twisted Model
DarkSide designs, builds and markets ransomware, selling it to other cybercriminals who are better placed to locate and break into the most lucrative targets. Once deployed, the ransomware can lock down an entire system, encrypting files and disabling functionality until a ransom in BTC is paid for the decryption key.
Instead of having to find all the targets themselves, DarkSide can outsource this to criminal ‘affiliates’ who are able to target vulnerable systems.
Affiliates may have access that DarkSide itself lacks, for example an insider at a target company with elevated privileges, and they are rewarded handsomely for supplying it.
According to Elliptic's report, only about $15M of that total went to DarkSide's developers themselves; the remaining $75M went to affiliates. Elliptic's chief scientist went on to note that this is, in fact, a lower bound, since the estimate covers only confirmed transactions and more may be uncovered in the coming weeks.
The Pipeline Attack and its Implications
DarkSide's attack on Colonial Pipeline resulted in gas shortages, high prices, and general panic across the United States. Much other critical infrastructure, from water systems to nuclear power plants, runs on the same kind of archaic software that Colonial Pipeline ran on. A gas shortage, although disruptive, is relatively benign compared with how bad the situation could have been.
Speculation is rampant about where DarkSide's funds have gone. Unverified sources claim that the bitcoins were seized by the US government; others claim that DarkSide used its newfound wealth to open the massive 10,000 BTC short position that recently appeared on Bitfinex, causing a dip in Bitcoin's price.
As cybercriminals grow more sophisticated, with SIM-swap and ransomware attacks on the rise, everybody, governments and average consumers alike, needs to strengthen their security measures. President Biden signed an executive order last week that aims to shore up America's cybersecurity defenses, as the US is being left behind by international competitors in that realm.