In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets. Of 99 organizations infected with DarkSide malware, nearly half of the victims paid a ransom, with the average payment of $1.9 million, the report said.
“Elliptic was first to identify the Bitcoin wallet used by the DarkSide ransomware group to receive a 75 Bitcoin ransom payment [about $5 million] from Colonial Pipeline,” Elliptic said. “In this new report we expand our original analysis to examine all of the wallets used by DarkSide to receive Bitcoin ransoms from victims over the past nine months.”
After receiving ransom from Colonial Pipeline, which allowed the company to resume operations, DarkSide announced it was disbanding. However, analysts said the hacking group would most likely re-emerge using a different name.
The May 7 attack on Colonial Pipeline, which supplies about half of the gasoline to the Eastern United States, resumed operations within a week, but many stations that ran out of fuel as a result have yet to receive fresh supplies.