DarkSide hacking group apparently shuts down following pipeline attack
But shutdown could all just be hogwash, believe security researchers
The DarkSide ransomware gang blamed for attacking Colonial Pipeline and disrupting fuel supplies across the US last week has apparently closed shop, as per cybersecurity researchers.
DarkSide pinned last week’s Colonial attack on one of its customers, which leveraged the gang’s ransomware-as-a-service model to use its malicious tools. The cyber criminals claimed to be apolitical and were just in the game to make money.
Given the statements from the US authorities following the attack, many were expecting a strong response from the country.
“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel as spotted by security researcher Brian Krebs.
Following the loss of its infrastructure, security firms such as FireEye and Intel471 claim that DarkSide has told associates that it was left with little option but to shut down, reports the Wall Street Journal.
State-sponsored action?
The attack seems to have prompted US President Joe Biden to sign an executive order that outlines steps for software vendors to engage with the government in order to prevent possible future cyberattacks.
President Biden also confirmed that the FBI has strong evidence to believe that the attack originated in Russia, but added that there’s nothing to suggest that the Russian government had any part to play in the attack.
He further confirmed that his administration was “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks” and would “pursue a measure to disrupt their ability to operate.”
Significantly, when asked if he would rule out whether the U.S. would respond with cyber operations, President Biden replied with an emphatic “No.”
Changing tack?
While it appears that the shutdown is due to US involvement, some cybersecurity experts think it might all just be eyewash.
“I wouldn’t be surprised if DarkSide has just said, ‘It is way too hot,’ and they decided to pull the pin on themselves,” said Winston Krone, the chief research officer with Kivu Consulting, Inc., which helps victims respond to ransomware incidents.
Krone believes that DarkSide might simply reappear under another name, once the heat has died down.
Via Wall Street Journal
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.