
DarkSide ransomware servers reportedly seized, REvil restricts targets
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.

In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and DoS servers due to law enforcement action.

"Since the first version, we have promised to speak honestly and openly about problems. A few hours ago, we lost access to the public part of our infrastructure, namely: Blog, Payment server, DOS servers," reads the forum post from UNKN. "Now these servers are unavailable via SSH, the hosting panels are blocked. Hosting support, apart from information "at the request of law enforcement agencies", does not provide any other information."

Starting yesterday, security researchers and journalists noted that the DarkSide data leak site was no longer accessible, and it was speculated that law enforcement had seized the server.

If law enforcement seized the server, they might have kept it running to allow victims to access their decryptors.

It has also been speculated that the DarkSide ransomware gang, feeling the heat from law enforcement, may be pulling an exit scam.


News URL

https://www.bleepingcomputer.com/news/security/darkside-ransomware-servers-reportedly-seized-revil-restricts-targets/