May 14, 2021 - Technology

DarkSide claims it's shutting down after Colonial Pipeline hack

Fuel tanks at Colonial Pipeline's Dorsey Junction Station on May 13 in Washington, D.C. Photo: Drew Angerer/Getty Images

The hacker group DarkSide, which was responsible for a ransomware attack that shut down the Colonial Pipeline and led to fuel shortages in multiple states this week, claims to be shutting down, Krebs on Security and several cybersecurity firms report.

Why it matters: In a message from a cybercrime forum, the group said it had lost access to the infrastructure needed to carry out its extortion operations and that a cryptocurrency account it uses to pay its affiliates had been drained.

What they're saying: “Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account,” reads the message, which was reviewed by Krebs.

  • “A few hours ago, we lost access to the public part of our infrastructure,” the message continues. “Also, a few hours after the withdrawal, funds from the payment server (ours and clients’) were withdrawn to an unknown address.”
  • The group also claimed it had released decryption tools to all companies it had attempted to extort but that had not yet paid.

Between the lines: Security experts say cybercriminal groups often disband and return under different names, so it can't be determined whether the disruption to DarkSide's infrastructure is legitimate or permanent, according to the Wall Street Journal.

  • It is also unknown if the U.S. government had any role in the events that led to the group's closure.

The big picture: Colonial Pipeline reportedly paid hackers linked to DarkSide nearly $5 million in cryptocurrency after last week's ransomware attack to regain access to its computer systems.

  • President Biden announced Thursday that the Justice Department launched a new task force that will specifically prosecute ransomware hackers "to the full extent of the law."
  • Biden late Wednesday signed an executive order in an attempt to bolster the country's cybersecurity defenses following the cyberattack.