DarkSide ransomware operators have lost access to their infrastructure
The servers of the ransomware group Darkside, responsible for the attack on the American fuel giant Colonial Pipeline, have been shut down.
As of May 13th, operators of the Darkside Ransomware-as-a-Service (RaaS0 had made a statement they would stop all operations of the Darkside RaaS program and that all targets that they had attacked would receive decryptors and also promised to compensate all outstanding obligations by May 23rd, 2021.
— 𝕯𝖒𝖎𝖙𝖗𝖞 𝕾𝖒𝖎𝖑𝖞𝖆𝖓𝖊𝖙𝖘 (@ddd1ms) May 14, 2021
Grouping topics will also be removed from underground forums. Cybercriminals have lost access to the public part of their infrastructure, including their blog, payment server, and CDN (Content Delivery Network) servers. This was announced by the telegram channel Russian OSINT
Currently, the servers are unavailable via SSH protocol, and the hosting panel is blocked. The funds from the payment server of cybercriminals and their clients were withdrawn to an unknown address. A message from a cybercrime forum that was reposted on to a Russian OSINT Telegram channel reads:
In addition, hackers have introduced new restrictions on further criminal activities. They will not attack the social sector (healthcare, educational institutions) or government organizations of any country.
The announcement obtained is available below:
Translated in English, the note reads:
Starting from version one, we promised to speak about problems honestly and openly. A couple of hours ago, we lost access to the public part of our infrastructure, in particular to the
At the moment, these servers cannot be accessed via SSH, and the hosting panels have been blocked.
The hosting support service doesn’t provide any information except “at the request of law enforcement authorities.” In addition, a couple of hours after the seizure, funds from the payment server (belonging to us and our clients) were withdrawn to an unknown account.
The following actions will be taken to solve the current issue: You will be given decryption tools for all the companies that haven’t paid yet.
After that, you will be free to communicate with them wherever you want in any way you want. Contact the support service. We will withdraw the deposit to resolve the issues with all the affected users.
The approximate date of compensation is May 23 (due to the fact that the deposit is to be put on hold for 10 days on XSS).
In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck.
The landing page, servers, and other resources will be taken down within 48 hours.
(translation obtained from Intel 471)