The group decided to call it quits soon after shutting down one of America's largest oil pipelines last week

May 17, 2021 14:03 GMT

According to the Wall Street Journal, which cites cybersecurity firms FireEye and Intel 471, DarkSide, the group responsible for shutting down Colonial Pipeline, has declared its breakup.

Since Thursday, May 13, the DarkSide website has been unavailable. The Eastern European hacking group has thus confirmed to its associates that it has lost access to its infrastructure. Among the reasons, it mentioned a specific agency belonging to the U.S. Government, as well as the pressure exerted by the country overall.

Nevertheless, it is difficult to know what lies behind these statements. More often than not, ransomware groups disband in order to calm things down, only to reemerge later under a different name.

Just a few days ago, DarkSide was responsible for the shutdown of Colonial Pipeline's oil pipeline infrastructure. Colonial Pipeline is one of the largest U.S. oil pipeline operators and transports 45% of the oil used on the East Coast. As an immediate result, an emergency plan was initiated to avoid a shortage for residents in the affected areas. The government charged the Department of Justice and the FBI with the investigation. Afterward, the cybercriminal group published a statement on its DarkNet website in which it claimed to be apolitical and said it did not want to be linked to any government.

U.S. President got involved in the aftermath of this massive cyberattack

Joe Biden himself took the floor to discuss the cyberattack. While he indicated that the Russian government was not involved, he stated that the hackers were operating from its territory and said that he would meet with Vladimir Putin soon. He said that his administration was “in direct communication with Moscow regarding the imperative for the countries responsible for taking decisive action against these ransomware networks,” and that it “would take action to disrupt their ability to operate”.

Colonial Pipeline allegedly paid DarkSide a $5 million ransom in order to get its data decrypted. The cybercriminal group began its activities in August 2020 and quickly gained notoriety in the ransomware community due to the large number of victims.

More precisely, they allegedly earned more than $60 million in their first seven months of operation. With such a large amount of money, it is difficult to predict whether they will truly go under the radar.