Darkside Claims To Be Shutting Down After Colonial Pipeline Ransonware Attack

Submitted by News Desk on

According to Krebs on Security and multiple other cyber security firms, the group Darkside has said it has shutdown and disband permanently.  The group posted a message saying that it had lost control of servers and infrastructure needed to carry out its ransomware attacks like the one it made on Colonial Pipeline causing fuel shortages along the east coast of the U.S.  They also said the account that holds their cryptocurrency they use to pay affiliates had been hacked and that all their cryptocurrency had been taken.  “A few hours ago, we lost access to the public part of our infrastructure," the message continues. “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”

Darkside also claims that it sent out decryption tools to every company or entity that it had attacked but not yet received payment for the deception tool.  They also went on to say their servers had been confiscated, but did not say in which country their servers were located.  Most experts say they are based in Russia because of special coding within the ransomware virus which instructs it to not attack systems that use the Russian language.  It is not yet clear if the U.S. government was involved in this event or if the U.S. pressured Russia to step in and shut down Darkside.