DarkSide hacking group shuts down after fuel pipeline attack, report says

The latest headlines from our reporters across the US sent straight to your inbox each weekday

Your briefing on the latest headlines from across the US

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy notice

The DarkSide hacking group blamed for the Colonial Pipeline ransomware attack is shutting down its operations, a report says.

The Eastern European criminal group was linked to the attack that caused major disruption to gasoline delivery across the southeastern United States.

Now cybersecurity firms say that a website operated by the group, which was reportedly paid around $5m in a Bitcoin ransom by Colonial, has been down since Thursday, according to The Wall Street Journal.

DarkSide has also told affiliates that it was disrupted by a law-enforcement agency, reported Intel 471, which is a security firm that protects against cyber crime.

And the group posted that it had lost control of its servers, reported Recorded Future threat intelligence analyst Dmitry Smilyanets.

Joe Biden had promised to take action against the group and the 780th Military Intelligence Brigade, the Army’s offensive cyber operations brigade, posted the Recorded Future report on its official Twitter account.

The president said on Thursday that the White House had been “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks”.

And Mr Biden said that his administration would “pursue a measure to disrupt their ability to operate” and refused to rule out a US cyber operation in response.

There is no evidence of who may have taken action against DarkSide and the US government has not made any comment on the situation yet.

The FBI has declined to comment on whether the US government was responsible for shutting down the DarkSide website.

Observers say it is common for ransomware groups such as DarkSide to close, only to reopen later under a different identity.

Colonial Pipeline was attacked by the group last week and forced to shut down their operation on 7 May for five days.

DarkSide brought in around $46m in the first quarter of 2021, according to blockchain research firm Chainalysis Inc.

The group issued a statement on Monday, saying it would take greater care in which targets were hit in the future.

“Our goal is to make money and not creating problems for society,” the group wrote on its website.

DarkSide reportedly offers criminal hackers the software needed to hold a company to ransom, bills the victim and hosts the stolen data.

They then split the ransom money obtained with the criminal client.