DarkSide, the group behind the ransomware attack affecting Colonial Pipeline, recently said it lost control of its web servers and lost some of its ransom payments (via The Record).
The operator of the group, Darksupp, said:
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers. Now these servers are unavailable via SSH, and the hosting panels are blocked.”
This news comes days after President Biden signed an executive order to improve the nation's cybersecurity. He also said the U.S. would go after the Russia-based group: “We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.”
The U.S. has made no announcement yet, and threat intelligence analyst Dmitry Smilyanets said the alleged takedown could be a lie called an “exit scam.” This is when a group shuts itself down and takes its money with it without paying its associates.