In 7 months before going into hiding, the Colonial Pipeline hackers extorted $90 million


New research into the ransomware thieves who attacked the Colonial Pipeline shows just how much money they were able to extort during a fairly short crime spree: about $90 million in approximately seven months…say researchers with Elliptic, a blockchain analysis firm that specializes in tracking criminals.

In fact, DarkSide and its partners operated a network of 47 different wallets, each used to collect ransoms from multiple victims, Elliptic reported Tuesday. After the money changed hands, it was frequently funneled through crypto exchanges where it could be translated into fiat. In other cases, it was sent through Hydra, a popular European darknet marketplace that offers “cash-out services,” Elliptic researchers write. All told, affiliates gained some $74.7 million from the attacks, while DarkSide—as the developer—earned about $15.5 million.

“According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million,” writes Tom Robinson, Elliptic’s co-founder.

Not a bad gig if you feel like running the risk. We all know that crime pays. Just depends on whether or not you get away with it. In my hipster youth [1960’s definition, please], I knew more than a few criminals. They all put it in classic terms. “If you can’t do the time, don’t do the crime!”

2 thoughts on “In 7 months before going into hiding, the Colonial Pipeline hackers extorted $90 million”

  1. p/s says:

    JBS Holdings, the world’s largest meat company by sales, paid $11 million in its May 30 bitcoin ransomware attack, attempting to avoid further disruption to its business.
    As reported by The Wall Street Journal on Wednesday, payment was made to a group REvil, who left no trace as to how they managed to infiltrate the company’s systems. The attack shares similarities with the Colonial Pipeline ransomware attack that occurred on May 14.
    The Colonial Pipeline Ransomware Attack and the Perils of Privately Owned Infrastructure: For years, businesses have resisted efforts from the federal government to hold them to robust cybersecurity standards.
    In the past year, a surge of ransomware attacks has made a disruptive period even more difficult. In December, the acting head of the federal Cybersecurity and Infrastructure Security Agency said that ransomware was “quickly becoming a national emergency.” Hackers hit vaccine manufacturers and research labs. Hospitals lost access to chemotherapy protocols; school districts cancelled classes. Companies scrambling to accommodate a fully remote workforce found themselves newly vulnerable to hackers.
