Wednesday, May 19, 2021

"DarkSide Ransomware has Netted Over $90 million in Bitcoin" (Colonial Pipeline et al.)

From Elliptic's (crypto analysts) blog:

Elliptic was first to identify the Bitcoin wallet used by the DarkSide ransomware group to receive a 75 Bitcoin ransom payment from Colonial Pipeline. 

Colonial was the victim of a ransomware attack on May 7, 2021, which led to a voluntary shutdown of the main pipeline supplying 45% of fuel to the East Coast of the United States. The attack was described as the worst cyberattack to date on U.S. critical infrastructure.

In this new report we expand our original analysis to examine all of the wallets used by DarkSide to receive Bitcoin ransoms from victims over the past nine months.

This relies on Elliptic’s sophisticated blockchain analysis platform, combined with open source intelligence gathered by our team of analysts. To our knowledge, this analysis includes all payments made to DarkSide; however, further transactions may yet be uncovered, and the figures here should be considered a lower bound.

Over $90 million extracted from 47 victims

In total, just over $90 million in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets. According to DarkTracer, 99 organisations have been infected with the DarkSide malware - suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.

The chart below shows the total value and number of ransom payments made to DarkSide over the past nine months. May was set to be a record month, until DarkSide reportedly shut down its operations on May 13, and its Bitcoin wallet was emptied....