DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
2021-05-14 16:05

The DarkSide takedown sent shockwaves through other underground forums, many of which deleted all ransomware topics.

That's likely a reference to "Deshirfrator," or "Decryptor" in Russian: the tools that are typically as far from free as ransomware attackers can make them.

Colonial Pipeline, the supplier of about 45 percent of liquid fuel used in the South and Eastern U.S., proactively shut down its fuel-delivery operations following the ransomware attack a week ago.

Before the Colonial Pipeline attack, DarkSide, like similar Robin Hood wannabes, already had an ethics code that prohibited attacks against hospitals, hospices, schools, universities, non-profit organizations and government agencies - similar to REvil's new veil of ethics.

After Babuk attacked the Washington D.C. Metropolitan Police Department in April, Randy Pargman, a 15-year veteran of the FBI, long-time Babuk tracker, and current vice president of threat hunting and counterintelligence at Binary Defense, told Threatpost that the operators behind the RaaS offering either truly don't want to attack those entities or are just putting on a public face, telling the world that, hey, we're not all that bad. Just because a ransomware outfit has a code of ethics doesn't mean that all of its affiliates follow it, though.

Early on in the pandemic, several ransomware gangs pledged to spare hospitals because of the ongoing COVID-19 scourge.


News URL

https://threatpost.com/darksides-servers-shutdown/166187/