Did the Government Take Down the DarkSide Ransomware Group?


DarkSide, the group behind the ransomware attack affecting Colonial Pipeline, recently said it lost control of its web servers and some of its ransom payments (via The Record).

DarkSide Ransomware

The operator of the group, Darksupp, said:

A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers. Now these servers are unavailable via SSH, and the hosting panels are blocked.

This news comes days after President Biden signed an executive order to improve the nation's cybersecurity. He also said the U.S. would go after the Russia-based group: “We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against these ransomware networks.”

The U.S. has made no announcement yet, and threat intelligence analyst Dmitry Smilyanets said the alleged takedown could be a lie known as an “exit scam.” This is when a group shuts itself down and takes its money with it without paying its associates.
