The cyber terrorists who ran some of the most high tech shakedowns in the world, including the total shutdown of the Colonial Pipeline on the East Coast this past week will no longer be conducing any ransomware hacks.
DarkSide is officially out of business, as the gang announced that their servers were seized and someone drained the stash of cryptocurrency from the account the used to pay affiliates.
This was after they were able to get Colonial to pay about $5 million to allow them to have their computer servers back.
There’s a cybercrime forum (scumbag criminals need to be able to communicate too) that posted a message from the DarkSide creeps that shared their tale of woe.
“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account. Ransom topics will be removed from the forums.”
On Monday, soon after they planted the ransomware and began to wreak havoc on the U.S. fuel supply on the East Coast, DarkSide made a point to say they were strictly a “for profit” operation. They were not politically active or have ties to any foreign government.
Here’s more from their message. “A few hours ago, we lost access to the public part of our infrastructure.
“Hosting support, apart from information ‘at the request of law enforcement agencies,’ does not provide any other information.”
DarkSide also said they were releasing decryption tools for all the companies they’ve hacked and held hostage that haven’t paid yet.
Here’s something that cyber attack experts have pointed out on KrebsonSecurity.com. There were parts of the message written by a leader of the Revil ransomware-as-service platform.
Security experts have posted in the past when looking at DarkSide that a number of their core members are closely tied to the REvil gang of ransomware hackers.
While there most certainly will be more cyberattacks for ransom of U.S. businesses, government agencies and possibly infrastructure, it will come from a group that is not named DarkSide.