Cybergang behind Colonial Pipeline attack made $90M in bitcoin before shutting down — What that means for hospitals

Hannah Mitchell

DarkSide, the hacker group behind the Colonial Pipeline ransomware attack, racked up $90 million in bitcoin from ransom payments before shutting down, according to a May 18 CNBC article. Here's what that could mean for ransomware attacks in the healthcare industry.

Six details:

  1. The FBI blamed DarkSide for the attacks that halted Colonial Pipeline's operations. The Eastern European group reportedly received $5 million in ransom payments from Colonial, according to CNBC.

  2. DarkSide operates a "ransomware as a service" business model that sells ransomware tools to other criminals, who carry out attacks.

  3. Blockchain analytics firm Elliptic said DarkSide collected $90 million in bitcoin ransom payments from 47 victims over a nine-month period. On May 14, DarkSide closed down its operations after losing access to its servers and having $5.3 million in bitcoin drained from its virtual wallet.

  4. This is both good and bad news for hospitals. On a positive note, it shows that increased federal involvement is working. DarkSide blamed pressure from the U.S. government for the halt in its operations, according to a note obtained by cybersecurity research group Intel 471.

  5. There is also speculation that the $5.3 million worth of cryptocurrency was seized by the U.S. government, CNBC reported. However, that has not been confirmed.

  6. On the other hand, it means some victims of ransomware attacks are paying the ransoms demanded, something cybersecurity experts and federal officials have warned will only continue to incentivize attacks.

Copyright © 2021 Becker's Healthcare. All Rights Reserved.