Skip to main content

DarkSide hacking group apparently shuts down following pipeline attack

Lock on Laptop Screen
(Image credit: Future)

The DarkSide ransomware gang blamed for attacking Colonial Pipeline and disrupting fuel supplies across the US last week has apparently closed shop, as per cybersecurity researchers.

DarkSide pinned last week’s Colonial attack on one of its customers, which leveraged the gang’s ransomware-as-a-service model to use its malicious tools. The cyber criminals claimed to be apolitical and were just in the game to make money.

Given the statements from the US authorities following the attack, many were expecting a strong response from the country.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel as spotted by security researcher Brian Krebs.

Following the loss of its infrastructure, security firms such as FireEye and Intel 471 claim that DarkSide has told associates that it was left with little option but to shut down, reports the Wall Street Journal

State-sponsored action?

The attack seems to have precipitated US President Joe Biden to sign an executive order that outlines steps for software vendors to engage with the government in order to prevent possible future cyberattacks. 

President Biden also confirmed that the FBI has strong evidence to believe that the attack originated in Russia, but added that there’s nothing to suggest that the Russian government had any part to play in the attack. 

He further confirmed that his administration was “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks” and would “pursue a measure to disrupt their ability to operate.” 

Significantly, when asked if he would rule out whether the U.S. would respond with cyber operations, President Biden replied with an emphatic “No.”

Changing tack?

While it appears that the shutdown is due to US involvement, some cybersecurity experts think it might all just be an eyewash.

“I wouldn’t be surprised if DarkSide has just said, ‘It is way too hot,’ and they decided to pull the pin on themselves,” said Winston Krone, the chief research officer with Kivu Consulting, Inc., which helps victims respond to ransomware incidents. 

Krone believes that DarkSide might simply reappear under another name, once the heat has blown over.

Via Wall Street Journal

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.