Cybercrime group DarkSide, responsible for the Colonial Pipeline attack that led to a fuel shortage on the East Coast, has just announced that it was forced to shut down after losing access to its servers.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers,” Darksupp, the DarkSide ransomware’s operator, said in a post spotted by Recorded Future threat intelligence analyst Dmitry Smilyanets.
“Now these servers are unavailable via SSH, and the hosting panels are blocked,” the DarkSide operator said, lamenting that the web hosting provider refused to cooperate.
This unexpected turn of events followed the announcement by the U.S. government that it planned to pursue the hackers.
On Wednesday, May 12, President Joe Biden signed an executive order to tackle the issue and improve the nation’s cybersecurity. The comprehensive plan requires establishing a Cyber Safety Review Board, which will have the Defense and Justice departments and representatives from several intelligence agencies and the private sector as participants.
“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks,” Biden said in a press conference on Thursday, May 13.
“We are also going to pursue a measure to disrupt their ability to operate,” he added.
Pres. Biden on Colonial Pipeline hack: “We do not believe the Russian government was involved in this attack—but we do have strong reason to believe that the criminals who did the attack are living in Russia.” https://t.co/CAHmsNFmcf pic.twitter.com/ex8AfuwIPX
— ABC News (@ABC) May 13, 2021
The hacking organization might be using Biden’s comments as cover to shut down its infrastructure and flee with its affiliates’ money without paying their commissions—a tactic known as an “exit scam” in the cybercriminal underground, according to Smilyanets.
On Thursday, Bloomberg reported that Colonial Pipeline had paid the ransom just hours after the cyberattack on Friday, May 7, which had forced the company to shut down its pipeline operations and subsequently created a severe shortage in gasoline supply.
Sources told Bloomberg that Colonial agreed to pay DarkSide a ransom of 75 Bitcoin, equivalent to $5 million, for a tool to restore its data. However, the decryption tool supplied by the hacker group was too slow, and the company had to fall back on its backups to restore its systems.
DarkSide also reported that the funds in its cryptocurrency payment account, where ransom payments made by victims were held, had been withdrawn.