Colonial Pipeline hackers DarkSide to shut down after losing control and money

DarkSide, the group that was responsible for hacking the Colonial Pipeline that caused fuel shortages and price hikes across the US, is reportedly shutting down due to “pressure” from the US government.

The group’s name-and-shame blog, ransom collection website and content delivery network (CDN) were seized, while funds from their cryptocurrency wallets were transferred to unknown accounts by unidentified entities, DarkSide said in a message shared on multiple cyber crime forums and hacking websites.

“We lost access to the public part of our infrastructure, in particular to the blog, payment server, CDN servers … these servers cannot be accessed and the hosting panels have been blocked,” DarkSide said.

“A couple of hours after the seizure, funds from the payment server [belonging to DarkSide and its clients] were withdrawn to an unknown account,” it added.

DarkSide, which made its first appearance in August, is a relatively new group that released ransomware strains. It also ran an affiliate programme to facilitate other hacker groups in their infiltration attempts.

The group said it has issued decryption software to all its partners and affiliates to retrieve the encrypted data.

“In view of the above [account seizures] and due to the pressure from the US, the affiliate programme is closed,” DarkSide said.

“You will be given decryption tools for all the companies that haven't paid yet … you will be free to communicate with them wherever you want in any way you want.”

[Image caption: The cyber security market is forecast to be worth $363.05 billion over the next five years. Getty]

What is DarkSide and how does it operate?


DarkSide follows the RaaS (ransomware-as-a-service) model, meaning it will sell or lease ransomware to others to perform attacks. The group also has a help desk to facilitate negotiations with victims and to collect information about their targets.

Industry experts said this could be an attempt by DarkSide to avoid public attention and negative publicity.

“We have not independently validated these claims and there is some speculation by other actors that this could be an exit scam,” Kimberly Goody, senior manager of financial crime analysis at Mandiant, a subsidiary of FireEye, said.

DarkSide is a typical case of criminal groups involved in “big game hunting”, Vladimir Kuskov, head of threat exploration at Moscow-headquartered Kaspersky, said.

“It looks like they did not expect such consequences and attention after the latest attack on Colonial Pipeline and now they are planning to introduce some sort of moderation to avoid such situations in the future,” said Mr Kuskov.

DarkSide’s statement came after US President Joe Biden said the authorities will go after those responsible for the attack on the Colonial Pipeline.

“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Mr Biden said at a press conference on Thursday.

The attack showed the need to improve the cyber defence capabilities of the US, he said. Mr Biden has proposed $4 trillion of spending on infrastructure, social welfare and education programmes.

Colonial paid nearly $5 million to hackers on Friday, Bloomberg reported, despite reports that the company had no intention of paying a ransom to regain control of its systems.
