DarkSide takes the ransom, but must close
The hacker group responsible for the Colonial Pipeline ransomware attack, which severely disrupted the fuel supply in the southeastern United States, appears to have shut down despite its recent success, according to the WSJ.
DarkSide, believed to be based in Eastern Europe or Russia, said it was unable to access the computer systems it uses to conduct its attacks. According to security research firm FireEye, sources close to the group said it would disband because of international and US pressure.
The DARKSIDE announcement stated that they lost access to their infrastructure, including their blog, payment, and CDN servers and would be closing their service. Decrypters would also be provided for companies who have not paid, possibly to their affiliates to distribute. (2/3)
– FireEye (@FireEye) May 14, 2021
The post cited law enforcement pressure and pressure from the United States for this decision. @Mandiant has not independently validated these claims and there is some speculation by other actors that this could be an exit scam. (3/3)
– FireEye (@FireEye) May 14, 2021
Dmitry Smilyanets, a threat intelligence analyst at Recorded Future , said DarkSide has lost control of its servers and has lost some money earned on ransom payments.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS server. Now these servers are not available via SSH and the hosting panels are blocked,” said Darksupp, the operator of the DarkSide ransomware.
Darksupp also reported that the cryptocurrency funds had been withdrawn from the payment server and would be split between the operator and its affiliates.
This sudden dispersal of the hacker group is suspicious. The ransom obtained from Dominion was, after all, a meager 5 million dollars. Shut down for a pittance like this?
On Thursday, President Joe Biden announced that his administration was "in direct communication with Moscow on the imperative for the countries responsible to take decisive action against these ransomware networks" and would "pursue a measure to disrupt their ability to operate".
Biden said: "We don't believe the Russian government was involved in this attack, but we have strong reasons to believe that the criminals who made the attack live in Russia, that's where it came from."
Not everyone is convinced that DarkSide is a genuine criminal hacker group; some suggest it is instead a cover for a rogue CIA hacking team.
Natalya Kaspersky, founder and former CEO of security software company Kaspersky Lab, suggested in an interview with the Russian national news agency RIA Novosti that CIA hackers were in fact behind the attack on the Colonial Pipeline, RT News reported.
Kaspersky said the Umbrage team, part of the Remote Development Branch under the CIA's Center for Cyber Intelligence, can disguise its hackers as outsiders and leave foreign hackers' "fingerprints" when it breaks into electronic devices. The assault, then, would have come straight from the US. An internal move? For what purpose? To heat up the economy even more and halt the expansionary maneuvers, or a simple "strategy of tension"?
The article "DarkSide takes the ransom, but must close" comes from ScenariEconomici.it.
This is a machine translation of a post published on Scenari Economici at the URL https://scenarieconomici.it/darkside-prende-il-riscatto-ma-deve-chiudere/ on Sat, 15 May 2021 06:00:39 +0000.