TechGuard Blog

The Rise and Fall of DarkSide Ransomware

The ransomware gang behind the Colonial Pipeline attack earlier this month is reported to have received upwards of $90 million in ransom payments over the last nine months. That follows a spree of DarkSide ransomware attacks that has made the gang one of the most profitable ransomware groups.

How many companies have been affected?

According to blockchain experts at Elliptic, around 99 organizations have been infected with the DarkSide ransomware. They found that 47 distinct crypto wallets had made payments to the DarkSide gang. That means almost 50% of victims paid the ransom and that the average ransom payment was about $1.9 million.

Who received the money?

With $90 million paid out in cryptocurrency, who is receiving this money, and how is it being split up? The developer of the DarkSide ransomware is said to have received about $15.5 million, while the rest has been dispersed to the group's affiliates. The split of each payment between the developer and the affiliate is easily distinguishable on the blockchain.

Is this going to continue?

Ransomware isn't going anywhere anytime soon. However, we can't say the same about DarkSide. After the attack on Colonial, the ransomware gang announced that their servers were seized by law enforcement, thus halting their operations. That led the associated bitcoin wallet to be emptied into an unknown account. This last attack on the energy industry and critical infrastructure should hopefully spur greater focus on implementing the necessary strategies to protect these networks, preventing significant disruption in the future.


If you are interested in learning more about how to protect your organization from ransomware, contact us today.

Written by Matthew Rech