In 7 months before going into hiding, the Colonial Pipeline hackers extorted $90 million

Dan Kitwood/Getty

New research into the ransomware thieves who attacked the Colonial Pipeline shows just how much money they were able to extort during a fairly short crime spree: about $90 million in approximately seven months…say researchers with Elliptic, a blockchain analysis firm that specializes in tracking criminals.

In fact, DarkSide and its partners operated a network of 47 different wallets, each used to collect ransoms from multiple victims, Elliptic reported Tuesday. After the money changed hands, it was frequently funneled through crypto exchanges where it could be translated into fiat. In other cases, it was sent through Hydra, a popular European darknet marketplace that offers “cash-out services,” Elliptic researchers write. All told, affiliates gained some $74.7 million from the attacks, while DarkSide—as the developer—earned about $15.5 million.

“According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million,” writes Tom Robinson, Elliptic’s co-founder.

Not a bad gig if you feel like running the risk. We all know that crime pays. Just depends on whether or not you get away with it. In my hipster youth [1960’s definition, please], I knew more than a few criminals. They all put it in classic terms. “If you can’t do the time, don’t do the crime!”

3 thoughts on “In 7 months before going into hiding, the Colonial Pipeline hackers extorted $90 million”

  1. p/s says:

    JBS Holdings, the world’s largest meat company by sales, paid $11 million in its May 30 bitcoin ransomware attack, attempting to avoid further disruption to its business.
    As reported by The Wall Street Journal on Wednesday, payment was made to a group REvil, who left no trace as to how they managed to infiltrate the company’s systems. The attack shares similarities with the Colonial Pipeline ransomware attack that occurred on May 14.
    The Colonial Pipeline Ransomware Attack and the Perils of Privately Owned Infrastructure : For years, businesses have resisted efforts from the federal government to hold them to robust cybersecurity standards.
    In the past year, a surge of ransomware attacks has made a disruptive period even more difficult. In December, the acting head of the federal Cybersecurity and Infrastructure Security Agency said that ransomware was “quickly becoming a national emergency.” Hackers hit vaccine manufacturers and research labs. Hospitals lost access to chemotherapy protocols; school districts cancelled classes. Companies scrambling to accommodate a fully remote workforce found themselves newly vulnerable to hackers.

  2. Stickup says:

    “$5.9 million ransomware attack on farming co-op may cause food shortage : Attack on US farming provider NEW Cooperative may disrupt the food supply chain.”
    “The farming organization says its software powers about 40 percent of grain production and feed schedules of 11 million farm animals. And, as such, US federal government regulators like CISA [U.S. Cybersecurity and Infrastructure Security Agency] may soon step in should the cooperative’s systems not come back online soon.
    Conversations shared by cybersecurity intel expert Dmitry Smilyanets between BlackMatter and the victim organization show the group’s reluctance to work out a solution with NEW Cooperative. [see link]
    This incident has echoes of the cyberattack on the world’s largest meat processor, JBS, that forced the company to pay an $11 million ransom amount to REvil threat actors.
    BlackMatter has previously been linked to the DarkSide ransomware group that attacked Colonial Pipeline and disappeared afterward.”
