DarkSide committed a ransomware attack on a major US oil pipeline. Pressure from the US government through regulations on security leads hackers to change their attack procedures.

The hacker group DarkSide, which violated a major pipeline in the United States of America with a ransomware attack, moved its funds before the alleged seizure of its wallets and servers.

According to several reports, DarkSide would have found a serious blockage on its way to gain access to the servers of its affiliate program and with this, its cryptocurrencies. DarkSide rewarded other users for using its ransomware against other victims on a global scale.

But the Elliptic firm assures that DarkSide would have also moved a considerable part of the payments it received from the Colonial Pipeline Co Company before the confiscation occurred.

The pipeline operator reportedly paid hackers about $ 5 million in BTC to eradicate the ransomware, according to a report by The Wall Street Journal. DarkSide would have announced on the Internet that it had lost access to part of its servers and the cryptocurrencies that were hosted on it.

False News to Run Scams

There is no confirmation of this order of events from official sources, so it could be fake news spread by hackers to run scams and keep up with the illicit behavior.

According to the security expert Dmitry Smilyanets, reports the site The Record, DarkSide acknowledged in forums and other publications on the Internet to have lost access to part of its server core.

The media also highlights references to another message posted on the Telegram channel Russian OSINT, where the attackers also speak about being aware of the confiscated cryptocurrencies hosted on these servers.

The current location of these servers remains unknown, but DarkSide affirms that the provider or host company would have surrendered to the authorities that are following the case internationally. The authorities claimed that the funds from the payment server were sent to an unknown address.

According to US media reports, President Joe Biden this week urged President Vladimir Putin to find a way to stop the operations of hackers in the countries where they operate, which are in Russian borders.

DarkSide Would be Publishing Tools to Decrypt the data of Companies Affected by its Ransomware

Blockchain analytics firm Elliptic identified the portfolio address where the DarkSide group received payment from Colonial Pipeline.  75 BTC is the total amount that DarkSide received from the Colonial Pipeline Company, on May 8, 2021.

In addition to the Colonial payment, the wallet would have received 57 payments from 21 wallets, making this case look like ransomware cases where the victims have paid. 78.29 BTC (USD 3,871,000), the amount of one of the payments, was sent by a chemical distribution company, Brentagg, on May 11.

The seizure of DarkSide funds and some government pressure led to various changes in the policies and ethics of malicious activity carried out by certain hackers.

Presumably, DarkSide would be publishing tools to decrypt the data of companies and entities affected by its ransomware intending to publicly redeem itself. Another group is known as REvil, an organization that provides homonymous ransomware, stated that its affiliate service would be facing a set of new restrictions, according to The Record.

By: Jenson Nuñez


Please enter your comment!
Please enter your name here