‘Darkside’, a criminal hacking group that carried out a cyberattack on the largest oil pipeline operator in the United States, has decided to close its doors under pressure from the US government.
Bloomberg News and the Wall Street Journal (WSJ) reported on the 14th (local time), citing cybersecurity firms FireEye and Intel471, that Darkside had announced to other hackers associated with it that it was going to shut down its ransomware service and “close it”.
Darkside reportedly lost access to some of its infrastructure services, including its blog and payment servers.
Cybersecurity experts said that the website the group operates on the dark web has been down since the previous day.
Darkside announced that it will, sooner or later, send decryption keys for system recovery to victims who have not yet paid the ‘ransom’.
“Darkside cited pressure from law enforcement and pressure from the US government as a reason for this decision,” said Kimberly Goody, FireEye Mandiant’s expert in financial crime analysis.
After the ransomware attack on Colonial Pipeline, which operates an 8,850 km long oil pipeline from Texas to New Jersey, authorities including the US Federal Bureau of Investigation (FBI) immediately identified Darkside as the culprit and launched a full-scale investigation.
On the afternoon of the 7th, Colonial Pipeline's operations were disrupted by a hacking group’s attack on the oil pipeline, which is responsible for 45% of the US East Coast oil supply, causing great inconvenience to consumers.
Colonial reportedly paid 5 million dollars (about 5.65 billion won) in virtual currency to the hacking group, and the pipeline began restarting only on the afternoon of the 12th.
A ransomware attack is a cybercrime in which malicious code infiltrates the victim’s computer system and encrypts files, and the attacker demands money in exchange for releasing the data held hostage.
Darkside, believed to be based in Eastern Europe or Russia, is a new organization that has emerged since August of last year, and is said to have inflicted tens of billions of dollars in losses, mainly on more than 80 companies in Western countries.
However, it is also possible that Darkside’s ‘declaration of business closure’ is a trick to avoid a large-scale investigation by the US authorities following the hacking of Colonial Pipeline.
Mark Turnage, co-founder of Dark Owl, a dark web research firm, told Bloomberg News, “The Darkside is likely to stay quiet and ask for a name change, just like other ransomware attackers did in the past when they were targets for investigative authorities.”
Author/ Translator: Jamie Kim