DarkSide, the hacker group behind the Colonial Pipeline ransomware attack earlier this month, received $90 million in bitcoin payments following a nine-month ransomware spree, making it one of the most profitable cybercrime groups.
“In total, just over $90 million in bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets,” blockchain analytics firm Elliptic said. “According to DarkTracer, 99 organisations have been infected with the DarkSide malware – suggesting that approximately 47% of victims paid a ransom, and that the average payment was $1.9 million.”
Of the total $90 million haul, the DarkSide’s developer is said to have received $15.5 million in bitcoins, while the remaining $74.7 million was split among its various affiliates. FireEye’s research into DarkSide’s affiliate program had previously revealed that its creators take a 25% cut for payments under $500,000 and 10% for ransoms above $5 million, with the lion’s share of the money going to the recruited partners.
Elliptic co-founder and chief scientist Dr. Tom Robinson said the “split of the ransom payment is very clear to see on the blockchain, with the different shares going to…