DarkSide Malware Operators Say They Lost Access To Their Servers

Written by Emma Davis

The DarkSide malware operators who attacked Colonial Pipeline, the largest fuel pipeline company in the United States, at the end of last week say they have lost access to their servers and web pages.

The malware attack caused problems with the supply of gasoline, diesel fuel, aviation fuel and other refined products, and an emergency regime was introduced in a number of states.

The company’s pipeline is now back to normal operation, but media reports indicate that the company was able to recover from the attack so quickly because it paid the attackers a ransom of $5,000,000.

It is also worth noting that according to Bleeping Computer, a large chemical company Brenntag, also affected by the DarkSide attack this spring, recently paid the hackers a ransom of $4,400,000.

Let me remind you that the DarkSide group has been active since August 2020 and operates under the ransomware as a service (RaaS) scheme, actively advertising malware on the darknet and collaborating with other hack groups.

“DarkSide is a classic ‘big game hunter’, that is, it predominantly attacks large corporate networks, encrypts data, and then demands huge ransoms from the affected companies. If victims refuse to pay, DarkSide members post their stolen data on their site on the darknet,” information security experts say.

I also said that the hackers that attacked Colonial Pipeline reported attacks on three more companies.

As the attack on Colonial Pipeline attracted the attention of experts and media from around the world, the hackers rushed to release a statement of their own. While the press initially attributed the attack to Russian government hackers, a “press release” posted on the DarkSide website on May 10 stated that the group was apolitical and pursued solely its own goals. The hackers also did not seem to be happy about the chaos the attack provoked, and promised to vet future targets more carefully.

Then US President Joe Biden said at a press conference that there is no information about the involvement of the Russian government in this attack, but, according to American intelligence services, the members of the hack group may indeed be on Russian territory.

This week, Joe Biden said that the US authorities intend to disrupt the group’s operations.

Today, May 14, 2021, DarkSide operators reported that they have lost control of their web servers and the funds received from the ransom payments.

“A few hours ago we lost access to the public part of our infrastructure, namely: blog, payment server, CDN servers. These servers are now unavailable via SSH and the hosting panels are locked,” writes the DarkSide operator known as Darksupp, who also complains that the hosting provider has refused to help.

In addition, the hackers say that the cryptocurrency was withdrawn from the server where the ransoms were received. According to Darksupp, the group should have divided these funds between themselves and their “partners” (cybercriminals who hack victims’ networks and deploy malware in them), but now the money has been transferred to an unknown wallet.

The Register notes that, apparently, the American authorities may not have taken any measures against the group at all; DarkSide operators could simply have used President Biden’s statements as cover. In other words, the group may have blocked its own infrastructure and disappeared with the money without paying its “partners” (a classic exit scam).


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing at Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
