
Colonial Pipeline Hacker Darkside Says It Will Shut Operations, Security Firms Say

The criminal group linked to a cyberattack that disrupted gasoline delivery across parts of the southeastern U.S. this week has told hacking associates that it is shutting down, according to security research firms.

A website operated by ransomware group DarkSide, which U.S. officials have said is believed to originate in Eastern Europe, has been down since Thursday.

DarkSide has told associates it has lost access to the infrastructure it uses to run its operation and would be shutting down, citing pressure from law enforcement and from the U.S., according to security firms FireEye and Intel 471. DarkSide didn’t respond to requests for comment earlier in the week made through its website before it was shut down.

The group told affiliates its work was disrupted by a law enforcement agency, according to an announcement from DarkSide to affiliates obtained by Intel 471.

It is not uncommon for ransomware groups such as DarkSide to disband, only to pop up later under a different name. It couldn’t be determined if the U.S. had any role in DarkSide’s claimed disruption or if the disruption was authentic. The FBI and the Justice Department didn’t immediately respond to requests for comment.

Colonial Pipeline Co., the operator of a critical gasoline pipeline to the Eastern U.S., became DarkSide’s latest victim this week and paid close to $5 million to the hackers, according to people familiar with the matter. The company shut down the pipeline May 7 and restarted it Wednesday.

President Biden on Thursday said his administration was “in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks” and would “pursue a measure to disrupt their ability to operate,” though he didn’t elaborate. Asked if he would rule out whether the U.S. would respond with cyber operations, Mr. Biden replied “no.”

Mr. Biden also said he expected to speak to Russian President Vladimir Putin soon about the country tolerating criminal hacking enterprises within its borders. Cybersecurity experts and U.S. officials have said that has allowed international cybercrime originating from Russia to flourish unhindered for years.

Long lines formed at gas stations along the East Coast on Tuesday, as drivers made a run on gasoline amid fears of shortages due to the shutdown of the U.S.’s largest fuel pipeline following a cyberattack. Photo: Robin Rayne/ZUMA

In less than a year, DarkSide had gone from a relative unknown in the growing criminal enterprise of ransomware to one of the biggest and most consequential operators, security researchers say. The group has grown by recruiting “affiliates”—hackers who penetrate the online networks of businesses or public institutions—with whom it works to disrupt operations. The group splits the ransom money with such affiliates, taking a percentage of the funds, security researchers say.

DarkSide’s criminal efforts brought in at least $60 million in the first seven months of operation, with $46 million of it coming in the first quarter of 2021, according to blockchain research firm Chainalysis Inc. Because Chainalysis has an incomplete picture of all of DarkSide’s activities, the ransomware gang’s total haul was likely larger, the company said.

The Colonial Pipeline hack marked another major financial score for DarkSide, albeit one that drew significant scrutiny and would have made it difficult to collect payments, according to security researchers.

On Monday, the group issued a brief statement on its website saying it was apolitical and would take greater steps to moderate which targets it hit in the future. “Our goal is to make money and not creating problems for society,” the group wrote on its website.

“I wouldn’t be surprised if DarkSide has just said, ‘It is way too hot,’ and they decided to pull the pin on themselves,” said Winston Krone, the chief research officer with Kivu Consulting, Inc., a company that helps victims respond to ransomware incidents.

The shutdown may create challenges for companies that are trying to recover from an infection of the DarkSide ransomware. DarkSide encrypts the contents of victims’ computers, making them unusable. But the hackers are promising to provide decryption software at some time in the future, according to their statement.

Ransomware is part of an emerging and profitable criminal business that generated more than $400 million in income in 2020, according to Chainalysis. Hacking groups like DarkSide have reinvented the process through which criminal networks extort victims. Security researchers call their work ransomware-as-a-service. They make their money by offering customers—criminal hackers—a way to deploy their illegal software and extort victims via a well-designed web interface.

The affiliates are the ones who break into corporate networks, and they get most of the ransom payments—usually around 75%, according to FireEye. DarkSide writes the software, bills the victims, hosts stolen data, and even handles tech support and media relations, researchers say.


Write to Robert McMillan at [email protected]

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.
