Colonial Pipeline hackers received $90M in ransom from dozens of victims, report finds

The hackers behind the cyberattack on the Colonial Pipeline, DarkSide, received $90 million in bitcoin ransom payments over the past nine months from dozens of online victims before shutting down last week, according to new research released Tuesday.

DarkSide is a group of organized hackers, suspected to be based in Eastern Europe, selling software hacking tools to other criminals to carry out attacks on wealthy organizations and entities. The FBI confirmed the group was responsible for the pipeline attack earlier this month that caused major oil shortages on the East Coast of the United States.

The average amount that DarkSide received from 47 online victims in the past year was approximately $1.9 million, according to British blockchain analytics firm Elliptic.

“To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound,” said Tom Robinson, Elliptic’s co-founder and chief scientist.

Last week, security researchers Intel 471 confirmed that DarkSide had closed down its operations after being cut off from its online servers and having its cryptocurrency wallets forcibly removed.

The hackers also blamed “pressure from the U.S.” for shutting down, according to a note from the group obtained by Intel 471.

The majority of cryptocurrency funds paid in ransom to criminal groups like DarkSide can be converted into fiat money like U.S. dollars, Elliptic said.

Cryptocurrencies such as Bitcoin and Ethereum have gained a reputation for use in some criminal activities because those who use such digital currencies often don’t have to reveal their identity for many everyday transactions.

However, most cryptocurrency exchanges, the marketplaces for buying and selling digital coins, must comply with anti-money laundering regulations that require them to verify customers’ identities and report suspicious activity to the authorities.

Some cities and countries do not enforce these regulations, though, and it is through cryptocurrency exchanges in such locations, like those in parts of Eastern Europe, that much of the DarkSide ransom money was sent, Elliptic said.
