Colonial Pipeline attackers claim to have lost control of their servers.
Almost a week after the DarkSide ransomware gang attacked Colonial Pipeline, and the company was forced to pay roughly $5 million to regain control of its systems, the ransomware operators stated that they had lost control of their own servers.
For several days, the ransomware attack on Colonial Pipeline, the largest refined-products pipeline in the US, caused major problems, disrupting product delivery across the supply chain and affecting multiple suppliers.
On May 13, the criminal gang responsible for the attack announced that all of its dark web sites, including the DarkSide Leaks blog, its ransom-collection site and its CDN servers, had become unreachable.
According to a message issued by the DarkSide operators and distributed to their affiliates, the funds in the gang's cryptocurrency wallets were also reportedly moved to an unknown account. The same note states that the gang no longer has SSH access to these servers and that its hosting panels have been banned.
This news comes after DarkSide shut down its Ransomware-as-a-Service (RaaS) affiliate program, with the criminal organization announcing that it would provide all of its affiliates with decryptors for the victims they had attacked, and compensation for all outstanding financial obligations, by May 23.
The takedown of the servers marks a surprising turning point in the Colonial Pipeline saga. However, security professionals are concerned that this is simply an exit tactic of the kind criminals have commonly employed in recent years: it allows the gang to rebrand and quietly continue its operations while giving the impression that it has vanished from the spotlight.
Regarding the exfiltration of DarkSide's funds, it has been speculated that the US government seized the Bitcoin, although no official information about any such measure has been provided. Nor has any country been named as being behind the seizure of the servers.
Despite the shutdown of DarkSide's infrastructure, ransomware will remain a concern for the foreseeable future, because it continues to be highly lucrative and attractive to cyber criminals.