Colonial Pipeline reportedly paid about $5 million to hackers to regain control of its systems. EPA

Colonial Pipeline hackers DarkSide to shut down after losing control and money


Alkesh Sharma

DarkSide, the group responsible for the Colonial Pipeline cyber attack that caused fuel shortages and price increases across the US, is reportedly shutting down due to "pressure" from the US government.

The group's name-and-shame blog, ransom collection website and content delivery network, or CDN, were seized while funds from their cryptocurrency wallets were transferred to unknown accounts by unidentified entities, DarkSide said in a message shared on several cyber crime forums and hacking websites.

“We lost access to the public part of our infrastructure, in particular to the blog, payment server, CDN servers … these servers cannot be accessed and the hosting panels have been blocked,” DarkSide said.

“A couple of hours after the seizure, funds from the payment server [belonging to DarkSide and its clients] were withdrawn to an unknown account.”

DarkSide, which made its first appearance in August, is a relatively new group behind ransomware attacks. It also ran an affiliate programme to help other hacker groups in their infiltration attempts.

The group said it issued decryption software to all its partners and affiliates to retrieve the encrypted data.

“In view of the above [account seizures] and due to the pressure from the US, the affiliate programme is closed,” DarkSide said.

“You will be given decryption tools for all the companies that have not paid yet … you will be free to communicate with them wherever you want in any way you want.”

DarkSide follows the ransomware-as-a-service model, meaning it sells or leases ransomware to others to carry out attacks.

The group also has a help desk to arrange negotiations with victims and to collect information about their targets.

Industry experts said this could be an attempt by DarkSide to avoid public attention and negative publicity.

“We have not independently validated these claims and there is some speculation by other actors that this could be an exit scam,” said Kimberly Goody, senior manager of financial crime analysis at Mandiant, a subsidiary of FireEye.

DarkSide is a typical case of criminal groups involved in “big game hunting”, said Vladimir Kuskov, head of threat exploration at Moscow-based Kaspersky.

“It looks like they did not expect such consequences and attention after the latest attack on Colonial Pipeline and now they are planning to introduce some sort of moderation to avoid such situations in the future,” he said.

DarkSide’s statement came after US President Joe Biden said the authorities would go after those responsible for the Colonial Pipeline attack.

“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Mr Biden said on Thursday.

The attack established the need to improve the cyber defence capabilities of the US, he said.

Mr Biden outlined plans to spend $4 trillion on infrastructure, social welfare and education programmes.

Colonial paid about $5 million to hackers on Friday to regain control of its systems, according to Bloomberg. In earlier reports, the company had insisted that it did not plan to pay the ransom.

The largest pipeline in the US - in pictures:

  • Holding tanks are seen in an aerial photograph at Colonial Pipeline's Dorsey Junction Station in Woodbine, Maryland. A ransomware attack on the 2.5 million barrels per day Colonial Pipeline has endangered access to fuel for the US East Coast. Reuters
  • A truck passes holding tanks at Colonial Pipeline's Linden Junction Tank Farm in Woodbridge, New Jersey. The US government issued emergency laws to allow for fuel to be transported by road. Reuters
  • A sign marks the below-ground location of a Colonial Pipeline petroleum pipeline in Woodbine, Maryland, USA. The pipeline traverses a distance of 8,850 kilometres and carries gasoline and jet fuel from Texas to New York. EPA
  • Traffic moves along Pennsylvania Route 61 as gas prices are seen on the sign at a Sunoco gas station. A cyberattack on a critical US pipeline is sending ripple effects across the economy, highlighting cybersecurity vulnerabilities in the nation's aging energy infrastructure. The average gasoline price jumped six cents to $2.96 over the past week, and it’s expected to continue climbing because of the pipeline closure, according to AAA. AP Photo
  • Vehicles are seen near Colonial Pipeline in Helena, Alabama. Colonial Pipeline said in a statement late Friday that it “took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems.” AP Photo
  • The main terminal at Washington Dulles International Airport in Dulles, Virginia. Colonial Pipeline supplies Dulles with jet fuel. Colonial is the largest fuel pipeline system in the US servicing major airports along the east coast. AFP