DarkSide Received $90 Million in Bitcoin Payments across Attacks Spanning Nine Months
DarkSide, an online hacker group, received $90 million in bitcoin payments over a nine-month span of ransomware attacks. The group, which was behind the Colonial Pipeline ransomware attack earlier this month, is now one of the most profitable cybercrime groups.
“In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” said Elliptic, a blockchain analytics firm. “According to DarkTracer, 99 organizations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
Of the $90 million raised from the ransomware attacks, DarkSide received $15.5 million in bitcoin. The remaining $74.7 million was split among its affiliates.
Past research into the DarkSide affiliate program conducted by cybersecurity firm FireEye revealed that DarkSide's creators take a 25% cut for payments under $500,000 and 10% for ransoms above $5 million.
Dr. Tom Robinson, co-founder and chief scientist at Elliptic, said that the “split of the ransom payment is very clear to see on the blockchain, with the different shares going to separate Bitcoin wallets controlled by the affiliate and developer.”
DarkSide is just one of many online hacker groups that operate as service providers: other threat actors use the group's ransomware to extort targets and threaten to expose sensitive data, and the group takes a cut of the profits in exchange.
In a sudden turn, DarkSide announced plans to end its Ransomware-as-a-Service (RaaS) affiliate program for good. The group claims that its servers have been seized by law enforcement and that its bitcoin wallet was emptied into an unknown account.
The Colonial Pipeline attack, the biggest known cyberattack on the U.S. energy industry, is the latest example of how ransomware attacks are an increasing concern. Colonial Pipeline CEO Joseph Blount told the Wall Street Journal they paid 75 bitcoin (or $4.4 million) to restore access.
Events like the Colonial Pipeline attack increase the need for strategies and plans that keep the vital functions of critical infrastructure operational.
Story via The Hacker News