

DarkSide, Hacking Group Linked to Colonial Pipeline Attack, Says It Is Closing

The criminal group linked to a cyberattack that disrupted gasoline delivery across parts of the southeastern U.S. this week has told hacking associates that it is shutting down, according to security research firms.

A website operated by ransomware group DarkSide, which U.S. officials have said is believed to originate in Eastern Europe, has been down since Thursday, according to security firms FireEye and Intel 471.

The group told affiliates its work was disrupted by a law-enforcement agency, according to an announcement from DarkSide to affiliates obtained by Intel 471. DarkSide didn’t respond to requests for comment earlier in the week.

It is not uncommon for ransomware groups such as DarkSide to disband, only to pop up later under a different name. It couldn’t be determined if the U.S. had any role in DarkSide’s claimed disruption or if the disruption was authentic. The FBI and the Justice Department didn’t immediately respond to requests for comment.

Long lines formed at gas stations along the East Coast on Tuesday, as drivers made a run on gasoline amid fears of shortages due to the shutdown of the U.S.’s largest fuel pipeline following a cyberattack. Photo: Robin Rayne/ZUMA

Colonial Pipeline Co., the operator of a critical gasoline pipeline to the Eastern U.S., became DarkSide’s latest victim this week and paid close to $5 million to the hackers, according to people familiar with the matter. The company shut down the pipeline May 7 and restarted it Wednesday.

President Biden on Thursday said his administration was “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks” and would “pursue a measure to disrupt their ability to operate,” though he didn’t elaborate. Asked if he would rule out whether the U.S. would respond with cyber operations, Mr. Biden replied “no.”

Mr. Biden also said he expected to speak to Russian President Vladimir Putin soon about the country tolerating criminal hacking enterprises within its borders. Cybersecurity experts and U.S. officials have said that has allowed international cybercrime originating from Russia to flourish unhindered for years.

In less than a year, DarkSide had gone from a relative unknown in the growing criminal enterprise of ransomware to one of the biggest and most consequential operators, security researchers say. The group has grown by recruiting “affiliates”—hackers who will penetrate online networks of businesses or public institutions—with whom it works to disrupt operations. The group splits the ransom money with such affiliates, taking a percentage of the funds, security researchers say.

DarkSide’s criminal efforts brought in at least $60 million in the first seven months of operation, with $46 million of it coming in the first quarter of 2021, according to blockchain research firm Chainalysis Inc. Because Chainalysis has an incomplete picture of all of DarkSide’s activities, the ransomware gang’s total haul was likely larger, the company said.

The Colonial Pipeline hack marked another major financial score for DarkSide, albeit one that drew significant scrutiny and would have made it difficult to collect payments, according to security researchers.

On Monday, the group issued a brief statement on its website saying it was apolitical and would take greater steps to moderate which targets it hit in the future. “Our goal is to make money and not creating problems for society,” the group wrote on its website.

“I wouldn’t be surprised if DarkSide has just said, ‘It is way too hot,’ and they decided to pull the pin on themselves,” said Winston Krone, the chief research officer with Kivu Consulting, Inc., a company that helps victims respond to ransomware incidents.

The shutdown may create challenges for companies who are trying to recover from an infection of the DarkSide ransomware. DarkSide encrypts the contents of victims’ computers, making them unusable. But the hackers are promising to provide decryption software at some time in the future, according to their statement.

Ransomware is part of an emerging and profitable criminal business that generated more than $400 million in income in 2020, according to Chainalysis. Hacking groups like DarkSide have reinvented the process through which criminal networks extort victims. Security researchers call their work ransomware-as-a-service. They make their money by offering customers—criminal hackers—a way to deploy their illegal software and extort victims via a well-designed web interface.

The affiliates are the ones who break into corporate networks, and they get most of the ransom payments—usually around 75%, according to FireEye. DarkSide writes the software, bills the victims, hosts stolen data, and even handles tech support and media relations, researchers say.

Write to Robert McMillan at

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
