The group behind the Colonial Pipeline ransomware attack appears to be shutting down its RaaS operation, thanks to increased law enforcement pressure.
DarkSide secured its place in infamy when it successfully launched a ransomware attack on Colonial Pipeline, devastating the gasoline supply on the East Coast. In response, President Biden signed an executive order on cybersecurity, with a focus on helping the US make the drastic changes necessary to keep pace with evolving threats.
According to cybercrime intelligence firm Intel 471, the increased pressure from law enforcement is already having an impact. DarkSide has posted an announcement saying it has lost access to its blog, payment server and CDN. In addition, the money it made on ransomware was seized.
DarkSide has said it will cease its Ransomware as a Service (RaaS) operations. The group also will issue decryptors to outstanding RaaS victims. In an interview with Forbes, Intel 471 CEO Mark Arena said he believes DarkSide will honor its promise.
“I think they’re well established in the criminal underground and they’re not going to burn it for this,” Arena said. He also said he believed hacker groups would be far more careful about their targets moving forward. “People will definitely research their targets more so something like this doesn’t happen again… These guys want to get paid with as little fanfare as possible so they can carry on doing what they’re doing.”
According to Intel 471, DarkSide isn’t the only group posting such an announcement. Multiple hacker groups are feeling the increased pressure and closing or significantly changing their operations.