Skip to content
Subscriber Only

DarkSide Hackers Mint Money With Ransomware Franchise

  • Group connected to Colonial Pipeline attack has long history
  • Russia-linked DarkSide reinvented itself as cybercrime evolved
Video player cover image
How DarkSide Hackers Created a Ransomware Franchise

When a new ransomware group popped up on the scene last year, the hackers did what’s in vogue for digital extortion organizations these days: They issued a press release.

The hackers had already made “millions of dollars” in profit working as affiliates for other groups when they decided to go out on their own, the announcement said. “We created DarkSide because we didn’t find the perfect product. Now we have it.”

That product -- essentially a set of hacking tools and related services -- was responsible for the shutdown last week of the biggest fuel pipeline in the U.S., raising gas prices on the Eastern Seaboard and turning DarkSide into a household name.

Much of the U.S. has been riveted by the attack ever since, and even Americans who knew little about ransomware are getting a lesson in the uniquely lucrative world of global cybercrime.

As its coming-out announcement suggests, DarkSide is less a single hacking group than a sort of criminal franchise. The platform supplies affiliates with tools and follow-up services in much the same way McDonald’s Corp. supplies local store owners with pre-made soft serve and frozen hamburger patties.