
DarkSide hacking group apparently shuts down following pipeline attack


The DarkSide ransomware gang blamed for attacking Colonial Pipeline and disrupting fuel supplies across the US last week has apparently closed shop, according to cybersecurity researchers.

DarkSide pinned last week’s Colonial attack on one of its customers, which leveraged the gang’s ransomware-as-a-service model to use its malicious tools. The cyber criminals claimed to be apolitical and to be in the game just to make money.

Given the statements from the US authorities following the attack, many were expecting a strong response from the country.


“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel, as spotted by security researcher Brian Krebs.

Following the loss of its infrastructure, security firms such as FireEye and Intel 471 claim that DarkSide has told associates that it was left with little option but to shut down, reports the Wall Street Journal.

State-sponsored action?

The attack seems to have prompted US President Joe Biden to sign an executive order that outlines steps for software vendors to engage with the government in order to prevent possible future cyberattacks.

President Biden also confirmed that the FBI has strong evidence to believe that the attack originated in Russia, but added that there’s nothing to suggest that the Russian government had any part to play in the attack.

He further confirmed that his administration was “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks” and would “pursue a measure to disrupt their ability to operate.” 

Significantly, when asked if he would rule out whether the U.S. would respond with cyber operations, President Biden replied with an emphatic “No.”

Changing tack?

While it appears that the shutdown is due to US involvement, some cybersecurity experts think it might all just be an eyewash.

“I wouldn’t be surprised if DarkSide has just said, ‘It is way too hot,’ and they decided to pull the pin on themselves,” said Winston Krone, the chief research officer with Kivu Consulting, Inc., which helps victims respond to ransomware incidents. 

Krone believes that DarkSide might simply reappear under another name, once the heat has blown over.

Via Wall Street Journal

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.