Over the last nine months, the DarkSide ransomware group has received at least $90 million in ransom payments from its victims.
In just one-week, Colonial Pipeline, the largest oil pipeline system in the United States, and Brenntag, a major chemical distribution company in Germany, made up about 10% of the profit.
Also read: Colonial Pipeline hit by ransomware attack, shuts down operation
Elliptic, a blockchain research firm, looked at ransom payments to DarkSide from 47 different Bitcoin wallets.
Since October 2020, more than $90 million has been spent on transactions.
If all of these are the fees the ransomware group received from its victims, the average ransom is estimated to be $1.9 million, making the gang one of the most greedy in the ransomware industry.
According to a report, DarkTracer, a dark web intelligence service, has counted 99 DarkSide victims, though the number may be higher.
eSentire, a managed detection and response (MDR) service provider, published a blog on May 12, a day before DarkSide operations ended, claiming that 59 victims were reported on the gang’s leak site, which would be in addition to the 47 victims identified by Elliptic.
DarkSide, which first appeared on the ransomware arena in August 2020, quickly established itself as a profitable player.
Cybercriminals made around $10 million from attacks on Colonial Pipeline and Brenntag Chemical Distribution, with the former paying approximately $5 million and the latter paying a $4.4 million ransom.
You might also like: Colonial Pipeline ransomware attack: Paid $5 million ransom
Since DarkSide is a ransomware-as-a-service (RaaS) provider, their profits were split between the malware’s developers and the affiliates who infiltrated into victim networks, stole data, and distributed the file-encrypting malware.
Affiliates, also known as partners, typically receive a large portion of the profits because they do the majority of the work.
DarkSide received anywhere from 75 percent to 90 percent of the profit, depending on the size of the ransom.
For ransoms of less than $500,000, the DarkSide developers would take 25%; for payments of more than $5 million, the share would drop to 10%.