WASHINGTON — Russia-based cyber-extortionist Darkside appeared out of business Friday after unknown actors shut down the servers of the group, which had forced the closure of a large US oil pipeline in a multi-million dollar ransomware scam.
US cybersecurity firm Recorded Future said that Darkside had admitted in a web post that it lost access to certain servers used for its web blog and for payments.
Recorded Future threat intelligence analyst Dmitry Smilyanets said he found a Russian-language comment on a ransomware website ostensibly from “Darksupp”, described as the operator of Darkside.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” Darksupp wrote.
Accessed via TOR on the dark web, the Darkside site address showed a notice saying it could not be found.
Recorded Future reported that the Darkside operator also said cryptocurrency ransom payments had been withdrawn from its server, dealing a setback to the group, which had marketed itself as a formal business for hijacking victims’ IT systems until they paid to unlock them.