Following the Blockchain: DarkSide Ransomware Network

submitted by
Style Pass
2021-06-16 15:30:05

DarkSide is a Ransomware-as-a-Service (RaaS) operator responsible for the Colonial Pipeline ransomware attack in May, which caused gasoline futures to rise to their highest level in 3 years and disrupted fuel delivery across the Southeastern U.S. This article highlights what we know about DarkSide and explains how BTC flows among its network. Transaction hashes and specific entities have been omitted to protect the integrity of ongoing investigations.

DarkSide is a cyber crime organization in the business of developing ransomware software and then leasing the ransomware to a specific network of “Affiliates” (hackers) who then extort bitcoin from large organizations. They first appeared on Russian forums in August 2020 and are highly organized. Some interesting highlights:

Blockchain data reveals that DarkSide Admins and Affiliates generated ~2,369.13 BTC via 74 transfers from multiple ransomware campaigns between 10/6/2020 and 5/11/2021. Interestingly, most of the BTC sourced by the victims appears to have originated from two U.S.-based OTC Exchanges.
