DarkSide Ransomware Group Servers and Crypto Seized

The DarkSide ransomware group, which was behind the cyber attack on Colonial Pipeline that led to the shutdown of the pipeline's entire network, announced it was shutting down after its servers were seized and someone drained the cryptocurrency from the account into which it received ransom payments.

Security blog KrebsOnSecurity reported that a message from a cybercrime forum, reposted to the Russian OSINT Telegram channel, reads: "Servers were seized (country not named), money of advertisers and founders was transferred to an unknown account."

"A few hours ago, we lost access to the public part of our infrastructure," the message continues, explaining that the outage affected its victim-shaming blog, where data stolen from victims who refuse to pay a ransom is published. The outage also took down its payment server and the servers behind its distributed denial-of-service feature, which is used to turn up the heat on victims who balk at paying.

DarkSide organizers also said they were releasing decryption tools for all of the companies that had been ransomed but had not yet paid.

Cyber intelligence firm Intel 471 wrote:

DarkSide was not the only group to make this type of announcement on May 13. Another RaaS group, Babuk, claimed it handed over the ransomware's source code to "another team," which would continue to develop it under a new brand. The group pledged to stay in business, continuing to run a victim name-and-shame blog, while also encouraging other ransomware gangs to switch to a private mode of operation. This announcement came after the group released the remaining portions of the data stolen from the District of Columbia's Metropolitan Police Department. That archive, which contained 250 GB worth of data, allegedly included officers' and auxiliary personnel's personal data, a database filled with information on criminals, as well as information on police informants.