The DarkSide ransomware gang was behind the recent Colonial Pipeline cyberattack; however, it is unclear who is behind the seizure of DarkSide’s cyberinfrastructure.
The DarkSide ransomware cybercriminal group involved in the six-day outage at Colonial Pipeline last week, which led to fuel shortages and price spikes across the United States, is calling it quits.
The crime gang announced it was shutting down operations after its servers were seized and an unknown actor drained the cryptocurrency from the account the group uses for its payments.
When accessed via Tor on the dark web, the DarkSide site address now shows a notice saying that it cannot be found.
The message posted by the group also stated: “A few hours ago, we lost access to the public part of our infrastructure.”
The message went on to explain that the outage affected its victim-shaming blog, where data stolen from victims who refuse to pay a ransom is published.
The outage also took down its payment server and those that supply its distributed denial-of-service feature, which is used to turn up the heat on victims who balk at paying.
The update also claimed that the DarkSide organizers were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.
“After that, you will be free to communicate with them wherever you want in any way you want,” the instructions detailed.
As pointed out by some experts, especially Intel471, some core members of DarkSide are also closely tied to the REvil gang. It therefore comes as no surprise that some of the detailed passages in DarkSide’s message were apparently penned by a leader of the REvil ransomware-as-a-service platform.
According to Brian Krebs, the REvil representative said its program was introducing new restrictions on the kinds of organizations that affiliates could hold for ransom, and that henceforth it would be forbidden to attack those in the “social sector” (defined as healthcare and educational institutions) and organizations in the “gov-sector” (state) of any country. Affiliates also will be required to get approval before infecting victims.
At the time of publishing this article, it was still unclear who took down DarkSide’s website and who was behind the draining of its cryptocurrency account.