News

#Colonial Pipeline hackers DarkSide lost control of ransom money

“#Colonial Pipeline hackers DarkSide lost control of ransom money”

Cybercrime group DarkSide said it has lost control of its web servers and some of the money it’s made off ransom payments after the FBI confirmed that the gang was behind the $5 million ransomware attack on Colonial Pipeline last week that spurred gas shortages and panic buying across the Southeast.

Analysts at security research firm FireEye said that messages are circulating in multiple cybercriminal forums that say DarkSide has shut down amid pressure from the US and law enforcement.

“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” read a post online by user Darksupp, the operator of DarkSide, according to The Record.

The announcement was posted Thursday evening on cybercrime underground community Exploit Forum, according to Recorded Future threat intelligence analyst Dmitry Smilyanets.

It remains unclear if the announcement is a ruse for the group to escape attention or avoid paying its partners. Cybersecurity analysts warned that anything posted by DarkSide operators should be taken with a grain of salt.

The FBI confirmed that Darkside was behind the $5 million ransomware attack on Colonial Pipeline. — The FBI confirmed that DarkSide was behind the $5 million ransomware attack on Colonial Pipeline.

Darksupp also claimed that cryptocurrency funds were withdrawn from the hacker group’s payment server, which hosted ransom payments made by victims such as Colonial Pipeline, the report said. The funds, which the group is typically supposed to split between itself and its partners, were transferred to an unknown wallet, Darksupp said, according to The Record.

Mandiant Threat Intelligence, a subsidiary of FireEye, said DarkSide shared a statement Thursday with its criminal partners announcing that it would shut down. The message has been shared in multiple cybercrime circles, Mandiant said.

“This announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers and would be closing their service,” Kimberly Goody, senior manager of financial crime analysis at Mbandiant, said in a statement. “The post cited law enforcement pressure and pressure from the United States for this decision.”

President Joe Biden said that "we pursue a measure to disrupt" Darkside's ability to operate. — President Joe Biden said that “we pursue a measure to disrupt” DarkSide’s ability to operate.

“We have not independently validated these claims and there is some speculation by other actors that this could be an exit scam,” she added. Goody said victims of the criminal group who have not paid ransom would be given decryptors to get their stolen data back, according to the messages shared on the cybercrime forums.

The cybergang’s claims come after President Biden said the US would go after the group.

“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Biden said Thursday at a press conference.

Motorists wait in line to fill their cars with at a gas station in Alexandria, Virginia following Colonial Pipeline's shutdown. — Motorists wait in line to fill their cars at a gas station in Alexandria, Virginia, following Colonial Pipeline’s shutdown.

“We are also going to pursue a measure to disrupt their ability to operate,” he added.

The White House did not immediately return The Post’s request for comment.

If you liked the article, do not forget to share it with your friends. Follow us on Google News too, click on the star and choose us from your favorites.