Security News > 2021 > May > U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized
2021-05-21 23:45

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure.

All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network servers, have gone dark and remain inaccessible as of writing.

According to blockchain analytics company Elliptic, the bitcoin wallet used by the DarkSide extortionists received a payment of 75 BTC made by Colonial Pipeline on May 8, after which the wallet was emptied of $5 million in bitcoin on May 13.

DarkSide's operational setbacks and the heightened scrutiny that followed the Colonial Pipeline attack have also set in motion a wave of RaaS bans on illicit cybercrime forums such as XSS, Exploit, and RaidForums, posing a major short-term disruption of the ransomware economy.

"If anything, ransomware attacks will likely continue to grow in both scale and frequency. After the closure of DarkSide, the ransomware landscape is dominated by four major collectives: REvil, LockBit, Avaddon, and Conti."

In light of XSS and Exploit's refusal to host RaaS operations on their platforms, ransomware collectives are expected to go private and advertise recruitment for new affiliates via their own leak sites.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/CmH1TuNDqp4/us-pipeline-ransomware-attackers-go.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bitcoin 4 0 5 12 1 18