DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills?
2021-05-14 17:35

The criminal gang behind the disruptive Colonial Pipeline ransomware hack says it is shutting down operations, but threat hunters believe the group will reemerge with a new name and new ransomware variants.

Another potential complication with a DarkSide shutdown is the status of live, ongoing negotiations on ransomware payments and data decryption tools.

"There are a lot of infected companies communicating with these. If they go dark, it could really complicate recovery efforts all over the world," according to a source tracking the ransomware epidemic.

"It's likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways. A number of the operators will most likely operate in their own close-knit groups, resurfacing under new names and updated ransomware variants," the company said.

Threat intelligence company Flashpoint assesses, with moderate confidence based on code analysis, that the ransomware used in the Colonial Pipeline attack is a variant of the notorious REvil ransomware.

Separately, a Chainalysis study of ransomware transactions found that 15 percent of all extortion payments carried a risk of U.S. sanctions violations.
News URL

http://feedproxy.google.com/~r/securityweek/~3/eKu0X0hpKto/darkside-ransomware-shutdown-exit-scam-or-running-hills