DarkSide hacking group shuts down after fuel pipeline attack, report says
Joe Biden had warned US would take action against hacking group for US attack
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The DarkSide hacking group blamed for the Colonial Pipeline ransomware attack is shutting down its operations, a report says.
The Eastern European criminal group was linked to the attack that caused major disruption to gasoline delivery across the southeastern United States.
Now cybersecurity firms say that a website operated by the group, which was reportedly paid around $5m in a Bitcoin ransom by Colonial, has been down since Thursday, according to The Wall Street Journal.
DarkSide has also told affiliates that it was disrupted by a law-enforcement agency, reported Intel 471, which is a security firm that protects against cyber crime.
And the group posted that it had lost control of its servers, reported Recorded Future threat intelligence analyst Dmitry Smilyanets.
Joe Biden had promised to take action against the group and the 780th Military Intelligence Brigade, the Army’s offensive cyber operations brigade, posted the Recorded Future report on its official Twitter account.
The president said on Thursday that the White House had been “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks”.
And Mr Biden said that his administration would “pursue a measure to disrupt their ability to operate” and refused to rule out a US cyber operation in response.
There is no evidence of who may have taken action against DarkSide and the US government has not made any comment on the situation yet.
The FBI has declined to comment on whether the US government was responsible for shutting down the DarkSide website.
Observers say it is common for ransomware groups such as DarkSide to close, only to reopen later under a different identity.
Colonial Pipeline was attacked by the group last week and forced to shut down their operation on 7 May for five days.
DarkSide brought in around $46m in the first quarter of 2021, according to blockchain research firm Chainalysis Inc.
The group issued a statement on Monday, saying it would take greater care in which targets were hit in the future.
“Our goal is to make money and not creating problems for society,” the group wrote on its website.
DarkSide reportedly offers criminal hackers the software needed to hold a company to ransom, bills the victim and hosts the stolen data.
They then split the ransom money obtained with the criminal client.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments