DarkSide claims it's shutting down after Colonial Pipeline hack

The hacker group DarkSide, which was responsible for a ransomware attack that shut down the Colonial Pipeline and led to fuel shortages in multiple states this week, claims to be shutting down, Krebs on Security and several cybersecurity firms report.

Why it matters: In a message from a cybercrime forum, the group said it had lost access to the infrastructure needed to carry out its extortion operations and that a cryptocurrency account it uses to pay its affiliates had been drained.

What they're saying: “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads the message, which was reviewed by Krebs.

  • “A few hours ago, we lost access to the public part of our infrastructure,” the message continues. “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”

  • The group also claimed it released decryption tools to all companies it had attempted to extort but that had not yet paid.

Between the lines: Security experts say cybercriminal groups often disband and return under different names, so it can't be determined whether the disruption to DarkSide's infrastructure is legitimate or permanent, according to the Wall Street Journal.

  • It is also unknown if the U.S. government had any role in the events that led to the group's closure.

The big picture: Colonial Pipeline reportedly paid hackers linked to DarkSide nearly $5 million in cryptocurrency after last week's ransomware attack to regain access to its computer systems.

  • President Biden announced Thursday that the Justice Department launched a new task force that will specifically prosecute ransomware hackers "to the full extent of the law."

  • Biden late Wednesday signed an executive order in an attempt to bolster the country's cybersecurity defenses following the cyberattack.
