quote:

Servers for Darkside were taken down by unknown actors Friday, a week after the cyber extortionist forced the shutdown of a large US oil pipeline in a ransomware scam, a US cyber security firm said.

Recorded Future, the security firm, said in a post that the allegedly Russia-based Darkside had admitted in a web post that it lost access to certain servers used for its web blog and for payments.

Accessed via TOR on the dark web, the Darkside site address showed a notice saying it could not be found.

quote:

While there was no evidence of who might have forced down Darkside's website, the twitter account of a US military cyber warfare group, the 780th Military Intelligence Brigade, retweeted the Recorded Future report on Friday.

quote:

The criminal hacking group DarkSide, which the F.B.I. has blamed for carrying out a ransomware attack that crippled fuel delivery across the Southeastern United States this week, has announced that it is shutting down because of unspecified “pressure” from the United States.

In a statement written in Russian and provided to The New York Times on Friday by the cybersecurity firm Intel 471, DarkSide said it had lost access to the public-facing portion of its online system, including its blog and payment server, as well as funds that it said had been withdrawn to an unknown account. It said the group’s main web page and other public-facing resources would go offline within 48 hours.

“Due to the pressure from the U.S., the affiliate program is closed,” the statement said, referring to intermediary hackers, the so-called affiliates, it works with to break into corporate computer systems. “Stay safe and good luck.”

What that pressure may have been is unclear, but on Thursday, President Biden said the United States would not rule out a retaliatory strike against DarkSide that would “disrupt their ability to operate.” The White House spokeswoman, Jen Psaki, said the administration was waiting for recommendations from U.S. Cyber Command, but government officials on Friday declined to comment further about whether any action had been taken.

Cybersecurity analysts cautioned that the DarkSide statement could be a ruse, allowing its members to regroup and deflect the negative attention caused by the attack. The group’s announcement was reported earlier by The Wall Street Journal.

quote:

Federal investigators were able to recover more than half of the $4.4 million ransom payment that Colonial Pipeline made to the hackers who froze its computers and forced the shutdown of its massive fuel distribution system, the Biden administration announced on Monday.

By tracing the payment across the ostensibly anonymous cryptocurrency ecosystem, the government was able to locate and seize $2.27 million from a virtual currency account used by the hackers.

“The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st-century challenge, but the old adage ‘follow the money’ still applies,” Deputy Attorney General Lisa Monaco said during a news conference.