The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.
“Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads a message from a cybercrime forum reposted to the Russian OSINT Telegram channel.
“A few hours ago, we lost access to the public part of our infrastructure,” the message continues, explaining the outage affected its victim shaming blog where stolen data is published from victims who refuse to pay a ransom. The outage also took down its payment server and those that supply its distributed denial-of-service feature, which is used to turn up the heat on victims who balk at paying.
“Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address,” the DarkSide admin says.
DarkSide organizers also said they were releasing decryption tools for all of the companies that have been ransomed but which haven’t yet paid.
“After that, you will be free to communicate with them wherever you want in any way you want,” the instructions read.
The DarkSide message includes passages apparently penned by a leader of the REvil ransomware-as-a-service platform. This is interesting because security experts have posited that many of DarkSide’s core members are closely tied to the REvil gang.
Support the originator by clicking the read the rest link below.
