The Journal attributed the information to cybersecurity firms FireEye Inc. and Intel 471. According to the firms’ research, DarkSide informed affiliates earlier this week that it plans to close down after losing access to its technology infrastructure.
The group’s statements reportedly suggest that the infrastructure was seized by law enforcement agencies. DarkSide’s website is said to have been offline since Thursday.
According to cybersecurity experts, DarkSide is a ransomware-as-a-service group that sells ransomware tools to other hackers, who use them to launch cyberattack campaigns. DarkSide first emerged last year and has generated at least $60 million from hacking campaigns, according to Chainalysis Inc. data cited by the Journal.
The group became the subject of international attention last week after it launched a cyberattack against Colonial Pipeline, the operator of the largest pipeline system for refined oil products in the U.S. The company normally transports 45% of all fuel used on the East Coast. As a result of the hack, Colonial Pipeline was forced to shut down about 5,500 miles of pipeline, which has led to widespread fuel shortages.
It was reported on Thursday that the company had paid a nearly $5 million ransom to restore files encrypted in the attack. The ransom is believed to have been sent last Friday, the same day Colonial Pipeline first detected the breach. Shortly thereafter, DarkSide issued a statement saying that “from today we introduce moderation and check each company” that its affiliates target in hacking campaigns.
Colonial Pipeline is not the only firm that has been hit by ransomware tied to DarkSide recently. On Thursday, BleepingComputer reported that Brenntag SE, one of the largest chemicals distributors in North America, paid a $4.4 million ransom to DarkSide after suffering a network compromise earlier this month.
Ransomware campaigns generated more than $400 million in income last year, according to Chainalysis, and attacks are only becoming more frequent. Just this morning, Ireland’s state health services provider disclosed that it has shut all its information technology systems and cancelled some medical appointments following a ransomware attack.
The U.S. is taking new steps to address the threat posed by such attacks. Earlier this week, a few days after the Colonial Pipeline hack became public, U.S. President Joe Biden signed an executive order to strengthen national cybersecurity defenses. In remarks delivered Thursday, Biden stated that the Justice Department has launched a task force dedicated to prosecuting ransomware hackers.