Security News > 2021 > May > DarkSide ransomware servers reportedly seized, operation shuts down
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.
In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and CDN servers due to law enforcement action.
"Since the first version, we have promised to speak honestly and openly about problems. A few hours ago, we lost access to the public part of our infrastructure, namely : Blog, Payment server, DOS servers," reads the forum post from UNKN. "Now these servers are unavailable via SSH, the hosting panels are blocked. Hosting support, apart from information"at the request of law enfocement agencies", does not provide any other information.
Starting yesterday, security researchers and journalists noted that the DarkSide data leak site was no longer accessible, and it was speculated that law enforcement had seized the server.
If law enforcement seized the server, they might have kept it running to allow victims to access their decryptors.
According to this message, DarkSide decided to close their operation "Due to the pressure from the US" and after losing access to their public-facing servers.
News URL
Related news
- FBI disrupts the Dispossessor ransomware operation, seizes servers (source)
- FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany (source)
- Linux version of new Cicada ransomware targets VMware ESXi servers (source)
- VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group (source)