"Pipeline Attacker DarkSide Suddenly Goes Dark—Here's What We Know"
The DarkSide ransomware group behind the shutdown of the Colonial Pipeline seems to have gone dark, leaving it unclear whether the group is ceasing operations, altering them, or attempting to pull an exit scam. All eight of the dark web sites used by DarkSide to communicate with the public went down. The crime gang announced in a post that its website and content distribution infrastructure had been taken down by law enforcement, and that the cryptocurrency it had received from victims had been confiscated. The group also said it would distribute a free decryptor to all victims who have yet to pay a ransom. However, there's no evidence that proves the group's claims. When law enforcement agencies from the US and Western European countries seize a website, they typically post a notice on the site's front page that discloses the seizure. None of the DarkSide sites display that notice; most of them show blank screens or time out. DarkSide's claims follow the announcement from a prominent criminal underground forum called XSS that it was banning all ransomware activities. The site has served as a significant resource for ransomware groups, including REvil, Babuk, DarkSide, LockBit, and Nefilim, for recruiting affiliates who use the malware to infect victims and, in exchange, share a cut of the revenue generated. The decision by XSS will significantly disrupt the ransomware ecosystem, as it removes a key recruiting tool and source of revenue. This article continues to discuss the alleged shutdown of the DarkSide ransomware operation and the future of the ransomware ecosystem.
Ars Technica reports "Pipeline Attacker DarkSide Suddenly Goes Dark—Here's What We Know"