Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

DarkSide hacking group shuts down after fuel pipeline attack, report says

Joe Biden had warned US would take action against hacking group for US attack

Graeme Massie
Los Angeles
Friday 14 May 2021 19:42 BST
DarkSide hack of Colonial Pipeline exposes corporate vulnerabilities
Leer en Español

The DarkSide hacking group blamed for the Colonial Pipeline ransomware attack is shutting down its operations, a report says.

The Eastern European criminal group was linked to the attack that caused major disruption to gasoline delivery across the southeastern United States.

Now cybersecurity firms say that a website operated by the group, which was reportedly paid around $5m in a Bitcoin ransom by Colonial, has been down since Thursday, according to The Wall Street Journal.

DarkSide has also told affiliates that it was disrupted by a law-enforcement agency, reported Intel 471, which is a security firm that protects against cyber crime.

And the group posted that it had lost control of its servers, reported Recorded Future threat intelligence analyst Dmitry Smilyanets.

Joe Biden had promised to take action against the group and the 780th Military Intelligence Brigade, the Army’s offensive cyber operations brigade, posted the Recorded Future report on its official Twitter account.

The president said on Thursday that the White House had been “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks”.

And Mr Biden said that his administration would “pursue a measure to disrupt their ability to operate” and refused to rule out a US cyber operation in response.

There is no evidence of who may have taken action against DarkSide and the US government has not made any comment on the situation yet.

The FBI has declined to comment on whether the US government was responsible for shutting down the DarkSide website.

Observers say it is common for ransomware groups such as DarkSide to close, only to reopen later under a different identity.

Colonial Pipeline was attacked by the group last week and forced to shut down their operation on 7 May for five days.

DarkSide brought in around $46m in the first quarter of 2021, according to blockchain research firm Chainalysis Inc.

The group issued a statement on Monday, saying it would take greater care in which targets were hit in the future.

“Our goal is to make money and not creating problems for society,” the group wrote on its website.

DarkSide reportedly offers criminal hackers the software needed to hold a company to ransom, bills the victim and hosts the stolen data.

They then split the ransom money obtained with the criminal client.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in