DarkSide is the group behind the ransomware attack affecting Colonial Pipeline, and recently said it lost control of its web servers and lost some of its ransom payments (via The Record).

DarkSide Ransomware

The operator of the group, Darksupp, said:

A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers. Now these servers are unavailable via SSH, and the hosting panels are blocked.

This news comes days after President Biden signed an executive order to improve the nation's cybersecurity. He also said the U.S. would go after the Russia-based group: “We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.”

The U.S. has made no announcement yet, and threat intelligence analyst Dmitry Smilyanets said the alleged takedown could be a lie, a so-called “exit scam.” This is when a group shuts itself down and takes its money with it without paying its associates.

1 Comment
Lee Dronick

Maybe 007 took them down