The ransomware group has accumulated over $90 million in Bitcoin before disbanding its operation, according to researchers.
Analysts from Elliptic, a UK blockchain analytics firm, discovered DarkSide’s digital wallet – which had been emptied. It had previously contained over $90 million in Bitcoin the group had accrued from their ransomware attacks, averaging approximately $1.9 million ransom paid per victim.
“In total, just over $90m in Bitcoin ransom payments were made to DarkSide, originating from 47 distinct wallets.” Co-Founder and Chief Scientist of Elliptic, Dr. Tom Robinson, wrote in a report published on Tuesday.
The cybercrime group shut down their site on the Dark Web on 13th May and emptied their Bitcoin wallet.
DarkSide operated under a ‘Ransomware as a Service’ (RaaS) model, with their malware being created by a ransomware developer. Ransomware affiliates would then be responsible for infecting the target systems and negotiating the ransom payments.
In a recent report from Intel 471, DarkSide informed their ransomware partners that use their tools to launch cyber-attacks that sales of its software have come to a halt.
Researchers from FireEye also discovered that the money DarkSide accumulated had been divided up between the developers and affiliates who had deployed it successfully. Developers were reportedly paid 25% for ransoms less than $500,000 and 10% of those greater than $5 million.