The Colonial Pipeline ransomware attack wasn’t carried out by an (immediately) government-backed effort. Instead, it was the work of a ragtag gang of cyber criminals known as the DarkSide group.
Last week it was like America time-traveled back to the 1970s, in terms of fuel shortages. Gas prices spiked amidst news of the hack, which caused shortages in enough areas that a state of emergency was declared for over a dozen states.
Towards the end of last week, Bloomberg learned that Colonial Pipeline paid almost $5 million in ransom to DarkSide to get a decryption tool used to restore the company’s computer hardware. This was despite circulated reports suggesting the pipeline company would refuse to pay up.
Now, according to CoinDesk, we’ve got answers as to the Bitcoin address and how much was paid. The outlet says 75 BTC was paid on May 8th. They even posted the exact blockchain address where Colonial Pipeline’s ransom was received.
CoinDesk got this information from a blockchain detective firm called Crystal Blockchain. The product director there had additional insight, including another company that fell victim to DarkSide’s extortion.
“We analyzed each potential cluster (of addresses) and found additional evidence in one of them: a transaction of $4.4 million, or 78 BTC sent by Brenntag,” Kyryllo Chykhradze told the outlet.
A supplementary report published last Friday by KrebsOnSecurity explains that authorities (from an unnamed country) seized the servers and drained the money from DarkSide’s crypto accounts.
Gas shortages are still ongoing in some places across the US today as the country repairs the supply chain.