The DarkSide Gang Netted $90 Million from Ransomware

Posted on by Dawna M. Roberts in News June 01, 2021

In just nine short months, the ransomware gang dubbed DarkSide has netted more than $90 million from victims worldwide. Experts are calling this group one of the most profitable cybercriminal groups in history.

The Inside ScoopDarkSide Ransomware Attack

Threat experts Elliptic, say the gang has extorted just over $90 million spread over 47 different Bitcoin wallets. Ninety-nine organizations have been infected by DarkSide ransomware, and roughly 47% have paid the ransom. The average ransom payment is $1.9 million.

The way DarkSide is organized is the developer of the software takes 25% for payments under $500,000 and 10% when the ransom is over $5 million. Therefore, the developer has netted $15.5 million Bitcoin, and DarkSide affiliates have split the remaining $74.7 million. 

According to The Hacker News “DarkSide, which went operational in August 2020, is just one of many groups that operated as a service provider for other threat actors, or “affiliates,” who used its ransomware to extort targets in exchange for a cut of the profits, but not before threatening to release the data — a tactic known as double extortion.”

Last week, however, DarkSide announced they were closing up shop because their servers and Bitcoin had been seized by law enforcement.

DarkSide Exploits 

One recent very notable victim of DarkSide ransomware is Colonial Pipeline which had to shut down 5550 miles of the pipeline due to the attack. Colonial Pipeline confirmed this week that they paid the DarkSide ransomware gang a ransom of $4.4 million to release their files and unlock their systems to reverse the effects of fuel shortages and a spike in fuel prices.

Experts believe that the attack was not intended to disrupt operations but simply targeting a company with deep enough pockets to reap a great reward. Threat assessors call these “big game hunting” attacks. To confirm this theory, DarkSide was quoted as saying, 

“We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined government and look for other our motives [sic]. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.”

Who is DarkSide?

According to an in-depth article on the DarkSide by KrebsonSecurity 

“First surfacing on Russian language hacking forums in August 2020, DarkSide is a ransomware-as-a-service platform that vetted cybercriminals can use to infect companies with ransomware and carry out negotiations and payments with victims. DarkSide says it targets only big companies and forbids affiliates from dropping ransomware on organizations in several industries, including healthcare, funeral services, education, public sector, and non-profits.”

DarkSide uses the common practice of double-extortion to illicit payments from its victims. How this works is that they first demand a ransom to unlock their encrypted files and systems. Then they demand a second ransom not to expose the exfiltrated personal or sensitive information stolen. 

Oddly enough, DarkSide cares about its reputation among affiliates, and on its “Why Choose Us” page on its marketing website, they profess “High trust level of our targets. They pay us and know that they’re going to receive decryption tools. They also know that we download data. A lot of data. That’s why the percent of our victims who pay the ransom is so high, and it takes so little time to negotiate.”

Recently DarkSide added two new features to their ransomware, including a call service to pressure victims into paying and a DDoS attack follow-up if the ransom is not paid within a specific amount of time.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

Scan Your Records for Breaches, Leaks & Exposures!