The Borneo Post

US pipeline hacker Darkside shut down


Russia-based cyber-extortionist Darkside appeared out of business Friday after unknown actors shut down the servers of the group, which had forced the closure of a large US oil pipeline in a multi-million dollar ransomware scam.

US cyber security firm Recorded Future said that Darkside had admitted in a web post that it lost access to certain servers used for its web blog and for payments.

Recorded Future threat intelligence analyst Dmitry Smilyanets said he found a Russian language comment on a ransomware website ostensibly from ‘Darksupp’, described as the operator of Darkside.

“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” Darksupp wrote.

Accessed via TOR on the dark web, the Darkside site address showed a notice saying it could not be found.

Recorded Future reported that the Darkside operator also said cryptocurrency ransom payments had been withdrawn from its server, dealing a setback to the group which had marketed itself as a formal business for hijacking victims’ IT systems until they paid to unlock them.

Speculation focused on who could have taken down Darkside’s computers after it had spent the past half-year extorting millions of dollars from companies which fell victim to its ransomware.

Some suspected that the US military’s Cyber Command took action, pointing to the Twitter account of the Pentagon’s 780th Military Intelligence Brigade, a hacking unit that retweeted the Recorded Future report shortly after it came out.
