Colonial Pipeline Co., the largest US pipeline operator, reportedly paid US$5 million in cryptocurrency to the Eastern Europe-based hacker group DarkSide. The hacking group was responsible for the six-day outage at the gasoline delivery system this week that led to fuel shortages and the US federal government declaring a regional emergency. DarkSide, which first surfaced in August 2020, operates as ransomware-as-a-service, where profit is shared between the owners and affiliates. In less than a year, the group gained prominence in the cybersecurity industry.
DarkSide Bitcoin wallet identified
Blockchain analysis and anti-money laundering tools provider Elliptic said that it had identified the bitcoin wallet used by the hacker group to receive ransom payments. The identified wallet received 75 bitcoin on May 8, coinciding with the Colonial attack. Once it received the payment, the hacker group provided the gasoline operator with decryption tools to restore its systems. According to a report by Bloomberg, the decryption tool was so slow that the operator had to use its own backups to restore the system. Elliptic said in a blog post that the wallet used by the hacker group has been active since 4 March 2021 and received BTC worth $17.5 million in total. The transactions match the attacks on various critical infrastructure entities, which include a 78.29 BTC payment by German chemical distribution company Brenntag on May 11. The hacker group targeted the North American division of Brenntag in early May and encrypted the devices on its network.
The group recruits affiliates who provide access to target systems and deploy the ransomware on them. The victims of the hacking group span sectors and are primarily located in the United States. On Friday, a Japanese conglomerate said in a statement that its European subsidiaries had been hit by a cyber attack in early May. WSJ, citing company sources, said DarkSide was behind the attack. The Japanese entity did not state whether any ransom was paid to the attackers.
DarkSide announces shutdown
On May 13, the hacker group announced it was disbanding the service following the seizure of its infrastructure, including its blog, payment, and CDN servers, by law enforcement agencies. It is unclear which country's law enforcement is responsible for the seizure. So far, there is no evidence to corroborate the hacker group's claims. Such shutdown announcements are also used by hacker groups to get out of the limelight and distribute the ransom proceeds among their members.
A report by blockchain analysis firm Chainalysis noted that in 2019 criminal activity represented 2.1% of all cryptocurrency transaction volume, or roughly $21.4 billion worth of transfers. In 2020, however, the criminal share of all cryptocurrency activity fell to just 0.34%, or $10.0 billion in transaction volume, while overall cryptocurrency economic activity nearly tripled between 2019 and 2020.