A group of hackers suspected of carrying out the cyber attack on Colonial Pipeline Corporation has suspended its activities. Cybersecurity firms FireEye and Recorded Future report that the DarkSide group has said on the so-called dark web that it has lost access to certain servers. As a result, the group of hackers can no longer access the stolen ransomware and its blog.
DarkSide stated on the dark web that the cryptocurrency received as ransom has also disappeared from its servers. The group did not say who had disabled the hackers' servers. Experts also note that DarkSide is disbanding on its own in order to return under a different name soon.
Authorities in the US suspect that DarkSide attacked Colonial Pipeline with ransomware. With ransomware, company documents are encrypted and released only after a ransom is paid. The attack had dire consequences, as one of the largest fuel pipelines in the United States was shut down. Although the pipeline has been restarted, many gas stations are still short of petrol.
Like other hacker groups, DarkSide regularly publishes stolen documents on the dark web, a hard-to-reach part of the internet where users operate anonymously. This is meant to pressure the affected companies into paying. But DarkSide has now shut down.
According to US President Joe Biden, Russia is partly responsible for the attack on Colonial Pipeline. According to him, there is evidence that the hackers or their software come from Russia. According to security experts, the group also communicated in Russian.
DarkSide recently expressed regret over the attack on the US pipeline, saying it was carried out not by the group itself but by “partners” who use its ransomware for a fee. “We are apolitical and do not engage in geopolitics,” a report said. “Our goal is to make money, not create problems for society. From now on, we check every company our partners want to code to avoid social consequences.”