
U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized
2021-05-21 23:45

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure.

All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network servers, have gone dark and remain inaccessible as of this writing.

According to blockchain analytics company Elliptic, the bitcoin wallet used by the DarkSide extortionists received a payment of 75 BTC made by Colonial Pipeline on May 8, after which the wallet was emptied of $5 million in bitcoin on May 13.

DarkSide's operational setbacks and the heightened scrutiny that followed the Colonial Pipeline attack have also set in motion a wave of RaaS bans on illicit cybercrime forums such as XSS, Exploit, and RaidForums, posing a major short-term disruption of the ransomware economy.

"If anything, ransomware attacks will likely continue to grow in both scale and frequency. After the closure of DarkSide, the ransomware landscape is dominated by four major collectives: REvil, LockBit, Avaddon, and Conti."

In light of XSS and Exploit's refusal to host RaaS operations on their platforms, ransomware collectives are expected to go private and advertise recruitment for new affiliates via their own leak sites.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/CmH1TuNDqp4/us-pipeline-ransomware-attackers-go.html
