
DarkSide ransomware calls it quits after Bitcoin, servers are seized


The DarkSide ransomware gang was behind the recent Colonial Pipeline cyberattack; however, it is unclear who is behind the seizure of DarkSide’s cyberinfrastructure.

The DarkSide ransomware group involved in the six-day outage at Colonial Pipeline this week, which led to fuel shortages and price spikes across the country, is calling it quits.

The crime gang announced it was closing up shop after its servers were seized and some unknown actor drained the cryptocurrency from an account the group uses for its payments.


If accessed via Tor on the dark web, the DarkSide site address shows a notice saying that it cannot be found.


DarkSide’s official website is now down (Image: Hackread.com)

Their message also stated: “A few hours ago, we lost access to the public part of our infrastructure.”

The message went on to explain that the outage affected its victim-shaming blog, where data stolen from victims who refuse to pay a ransom is published.

The outage also took down its payment server and those that supply its distributed denial-of-service feature, which is used to turn up the heat on victims who balk at paying.

The update also claimed that the DarkSide organizers were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.

“After that, you will be free to communicate with them wherever you want in any way you want,” the instructions detailed. 


Screenshot from a Russian Telegram group

As pointed out by some experts, especially Intel471, some core members of DarkSide are also closely tied to the REvil gang. It therefore comes as no surprise that some of the detailed passages in the DarkSide message were apparently penned by a leader of the REvil ransomware-as-a-service platform.


The REvil representative said its program was introducing new restrictions on the kinds of organizations that affiliates could hold for ransom, and that henceforth it would be forbidden to attack those in the “social sector” (defined as healthcare and educational institutions) and organizations in the “gov-sector” (state) of any country. Affiliates also will be required to get approval before infecting victims.

At the time of publishing this article, it was still unclear who might have forced down DarkSide’s website.
