DarkSide ransomware shuts down on back of US pressure, lost server access

The DarkSide ransomware variant that was responsible for bringing operations at a US pipeline to a standstill last week has allegedly shut down.

According to Bleeping Computer, the ransomware operation has shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

Bleeping Computer also highlighted that cybercrime intelligence firm Intel471 was able to obtain the full message sent to affiliates of the DarkSide ransomware operation. The message stated that DarkSide had decided to close its operation ‘due to the pressure from the US’, alongside losing access to its public-facing servers.

The original news came from a post on the Exploit hacking forum, authored by a threat actor known as ‘UNKN’. UNKN claimed the threat actors had lost access to their public data leak site, payment servers and CDN servers as a result of law enforcement action.

This follows a recent announcement by US President Joe Biden that countries harbouring ransomware networks must take immediate action to shut them down.

However, the DarkSide Tor payment server has been found to be still operational.

This latest twist in the saga comes a week after the Colonial Pipeline – a pipeline that transports 100 million gallons of fuel daily to customers from New York to Texas – saw operations halted after it was forced to shut down some of its IT systems in response to the DarkSide attack.

A day later, the FBI confirmed that the ransomware used in the Colonial Pipeline attack was the variant known as DarkSide. Despite this, Colonial went on to pay the $5m ransom demanded by DarkSide.

Copyright © 2021 RegTech Analyst
