Saturday, 15 May 2021 08:37

CIA-backed firm claims DarkSide ransomware site has shut down

A CIA-backed threat intelligence firm claims the operator of the DarkSide ransomware gang has lost control of its infrastructure after the malware was used to attack the Colonial Pipeline Company in the US, which runs the country's biggest petrol pipeline.

The claims were published by The Record, a website recently launched by the firm Recorded Future. It cited a post spotted by one of its analysts, Dmitry Smilyanets, from the alleged operator of the malware.

"A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. CDN servers," Smilyanets said in a tweet attributed to one Darksupp, who is claimed to be the person behind the malware operation.

“Now these servers are unavailable via SSH, and the hosting panels are blocked."

Meanwhile, a blockchain analytics firm known as Elliptic claimed that it had discovered a payment of 75 bitcoin made to the DarkSide account on 8 May. Bloomberg had made a similar claim.

It said the wallet in question had been active since 4 March and had received 57 different payments.

Bloomberg had claimed a ransom of US$5 million was paid by Colonial while other news services like Reuters had said the company was refusing to pay up.

The US had vowed to exact revenge on the DarkSide operators as the Colonial incident affected petrol supply within the country and led to a rise in prices.

In a related development, the operators of the biggest dark web cyber crime forum have decided to ban ransomware advertisements.

In a statement issued in Russian and translated by security writer Yelisey Boguslavskiy, the XSS forum said: "We are glad to see penetration testers, specialists, coders, but we are not happy with lockers.

"All topics related to lockers will be deleted."

In a blog post, the security firm Intel471 said the DarkSide operators had decided to shut down their ransomware-as-a-service on 13 May.

"Operators said they would issue decryptors to all their affiliates for the targets they attacked, and promised to compensate all outstanding financial obligations by May 23, 2021," the post said.

"The group... also passed an announcement to its affiliates claiming a public portion of the group's infrastructure was disrupted by an unspecified law enforcement agency.

"The group’s name-and-shame blog, ransom collection website, and breach data content delivery network were all allegedly seized, while funds from their cryptocurrency wallets allegedly were exfiltrated."

Contacted for comment, Brett Callow, a seasoned ransomware researcher with the New Zealand-headquartered infosec firm Emsisoft, said: "All of DarkSide's sites are down except for their payment portal. The question is whether the sites were seized by law enforcement or whether DarkSide has simply done a runner, taking their partners in crimes' cash with them. I suspect they've legged it.

"This isn't a particularly sophisticated group and their post-attack comments clearly indicated they were uncomfortable with what had happened - or, more accurately, the potential consequences.

"Sadly, though, while this may mark the end of the DarkSide operation, the individuals behind it will likely not cease to be a pain in our collective arses. They'll most likely just rebrand or go back to being affiliates for other gangs."

Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
