DarkSide, the hacker group behind the Colonial Pipeline ransomware attack, racked up $90 million in bitcoin from ransom payments before shutting down, according to a May 18 CNBC article. Here's what that could mean for ransomware attacks in the healthcare industry.
Six details:
- The FBI blamed DarkSide for the attacks that halted Colonial Pipeline's operations. The Eastern European group reportedly received $5 million in ransom payments from Colonial, according to CNBC.
- DarkSide operates on a "ransomware as a service" business model, selling ransomware tools to other criminals, who carry out the attacks.
- Blockchain analytics firm Elliptic said DarkSide collected $90 million in bitcoin ransom payments from 47 victims over a nine-month period. On May 14, DarkSide closed down its operations after losing access to its servers and having $5.3 million in bitcoin drained from its virtual wallet.
- This is both good and bad news for hospitals. On a positive note, it shows that increased federal involvement is working. DarkSide blamed pressure from the U.S. government for the halt of its operations, according to a note obtained by cybersecurity research group Intel 471.
- There is also speculation that the $5.3 million worth of cryptocurrency was seized by the U.S. government, CNBC reported. However, that has not been confirmed.
- On the other hand, it means some victims of ransomware attacks are paying the ransoms demanded, something cybersecurity experts and federal officials have warned will only continue to incentivize attacks.