Darkside ransomware gang operations and servers shut down: Reports

The DarkSide ransomware gang, the cybercrime syndicate behind the Colonial Pipeline attack, said it had lost control of its infrastructure, citing a law enforcement seizure, just as Colonial Pipeline was restoring all of its systems to operational status following the crippling ransomware incident a week earlier.


All of the gang’s dark web sites, including its DarkSide Leaks name-and-shame blog, its ransom collection site, and the content delivery network (CDN) servers that hosted stolen breach data, have gone dark and are now unavailable.


According to a note sent by the DarkSide operators to their affiliates, funds from the group’s cryptocurrency wallets were allegedly withdrawn to an unknown account.


After losing access to some of its servers, DarkSide, the Russian-speaking gang blamed by the FBI for a hacking attack that resulted in a six-day fuel pipeline shutdown, announced it was going out of business.


U.S. President Joe Biden has repeatedly warned the gangs, and Russia, the country that hosts many of them, of consequences following the ransomware attack that forced Colonial Pipeline to shut down the main fuel supply line to the East Coast.


After days of panic buying, the line was resuming full service, but several pumps remained empty at stations in some states.


According to investigators, the DarkSide ransomware gang supplied the encryption software that a criminal affiliate used to make Colonial’s internal files unavailable.


The gang intended to split any ransom payment for data recovery with that affiliate, whom authorities have named as another Russian criminal.


According to analysts, another major criminal group said it would prohibit encryption attacks on critical infrastructure, and platforms where such gangs recruit partners said they would prohibit advertising related to ransomware.


According to Intel 471, the large amount of “negative publicity” directed at them over the past week has caused multiple ransomware operators and cybercrime forums either to say that their infrastructure has been taken offline, to amend their rules, or to abandon ransomware altogether.


The news comes as the DarkSide ransomware gang announced the termination of its Ransomware-as-a-Service (RaaS) affiliate program, citing severe pressure from the U.S., and promised to issue decryptors to all of its affiliates for the companies they had targeted, as well as to pay all outstanding financial obligations by May 23.


The cybercriminal organization, which was responsible for the Colonial Pipeline incident, also sent an announcement to its affiliates saying that an unnamed law enforcement agency had damaged a public portion of the group’s infrastructure.


[Image: the note DarkSide passed to its affiliates. Source: Intel 471]

[Image: the same note, translated into English]


The DarkSide ransomware gang’s name-and-shame blog, ransom collection platform, and breach data content delivery network (CDN) were reportedly seized, as were the funds in its cryptocurrency wallets.