Colonial Pipeline hackers DarkSide to shut down after losing control and money
DarkSide, the group behind the ransomware attack on Colonial Pipeline that caused fuel shortages and price hikes across the US, is reportedly shutting down due to “pressure” from the US government.
The group’s name-and-shame blog, ransom collection website and content delivery network (CDN) were seized, while funds from its cryptocurrency wallets were transferred to unknown accounts by unidentified entities, DarkSide said in a message shared on multiple cyber crime forums and hacking websites.
“We lost access to the public part of our infrastructure, in particular to the blog, payment server, CDN servers … these servers cannot be accessed and the hosting panels have been blocked,” DarkSide said.
“A couple of hours after the seizure, funds from the payment server [belonging to DarkSide and its clients] were withdrawn to an unknown account,” it added.
DarkSide, which first appeared in August 2020, is a relatively new group that developed and distributed its own ransomware strain. It also ran an affiliate programme that gave other criminal groups access to that ransomware for their own intrusions.
The group said it has issued decryption software to all its partners and affiliates so that victims can recover their encrypted data.
“In view of the above [account seizures] and due to the pressure from the US, the affiliate programme is closed,” DarkSide said.
“You will be given decryption tools for all the companies that haven't paid yet … you will be free to communicate with them wherever you want in any way you want.”
What is DarkSide and how does it operate?
DarkSide follows the RaaS (ransomware-as-a-service) model: the core group develops the ransomware and runs the supporting infrastructure, while affiliates who lease it carry out the intrusions and hand over a share of any ransom paid. The group also ran a help desk to handle negotiations with victims and to collect information about their targets.
Industry experts said the announcement could be an attempt by DarkSide to avoid public attention and negative publicity.
“We have not independently validated these claims and there is some speculation by other actors that this could be an exit scam,” Kimberly Goody, senior manager of financial crime analysis at Mandiant, a subsidiary of FireEye, said.
DarkSide is a typical case of a criminal group engaged in “big game hunting”, the targeting of large organisations in pursuit of high ransoms, Vladimir Kuskov, head of threat exploration at Moscow-headquartered Kaspersky, said.
“It looks like they did not expect such consequences and attention after the latest attack on Colonial Pipeline and now they are planning to introduce some sort of moderation to avoid such situations in the future,” said Mr Kuskov.
DarkSide’s statement came after US President Joe Biden said the authorities will go after those responsible for the attack on the Colonial Pipeline.
“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Mr Biden said at a press conference on Thursday.
The attack underscored the need to improve the cyber defence capabilities of the US, he said. Mr Biden has proposed $4 trillion of spending on infrastructure, social welfare and education programmes.
Colonial paid nearly $5 million to the hackers on Friday, Bloomberg reported, despite earlier reports that the company had no intention of paying a ransom to regain control of its systems.