The operators of the DarkSide malware, who attacked Colonial Pipeline, the largest fuel pipeline company in the United States, at the end of last week, say they have lost access to their servers and web pages.
The malware attack disrupted the supply of gasoline, diesel fuel, aviation fuel and other refined products, and a state of emergency was declared in a number of states. The company’s pipeline is now back to normal operation, but media reports indicate that the company was able to recover from the attack so quickly because it paid the attackers a ransom of $5,000,000.
It is also worth noting that, according to Bleeping Computer, the large chemical company Brenntag, also hit by a DarkSide attack this spring, recently paid the hackers a ransom of $4,400,000.
Let me remind you that the DarkSide group has been active since August 2020 and operates under the ransomware as a service (RaaS) scheme, actively advertising malware on the darknet and collaborating with other hack groups.
I also reported that the Hackers that Attacked Colonial Pipeline Reported Attacks on Three More Companies.
As the attack on Colonial Pipeline attracted the attention of experts and media from around the world, the hackers rushed to release a statement of their own. While the press initially attributed the attack to Russian government hackers, a “press release” posted on the DarkSide website on May 10 stated that the group was apolitical and pursued solely its own goals. The hackers also did not seem to be happy about the chaos this attack provoked, and promised to vet future targets more carefully.
Then US President Joe Biden said at a press conference that there is no information about the involvement of the Russian government in this attack, but, according to American intelligence services, the members of the hack group may indeed be on Russian territory.
This week, Joe Biden said that the US authorities intend to disrupt the group’s operations.
Today, May 14, 2021, DarkSide operators reported that they have lost control of their web servers and the funds received from the ransom payments.
In addition, the hackers say that the cryptocurrency was withdrawn from the server where the ransoms were received. According to Darksupp, the group was supposed to split these funds between itself and its “partners” (the affiliates who break into victims’ networks and deploy the malware there), but the money has now been transferred to an unknown wallet.
The Register notes that the American authorities may not have taken any action against the group at all, and that DarkSide’s operators could simply be using President Biden’s statements as cover. In other words, the group may have shut down its own infrastructure and disappeared with the money without paying its “partners” (a classic exit scam).