According to cybersecurity researchers, the criminal cyber cartel blamed for the ransomware attack on the U.S. pipeline, which caused gasoline shortages for motorists this week, has said it is halting operations.
This came after Colonial Pipeline paid its hackers a ransom of nearly $5 million, according to people familiar with the matter, as the company tried to restart its 5,500-mile network.
The DarkSide group, which the Federal Bureau of Investigation (FBI) suspects is Russian, has informed its affiliates that its services are shutting down, according to the cybersecurity firm FireEye, which has investigated the incident.
Until now, DarkSide not only maintained the ransomware but also rented it out to others through an affiliate program, taking a share of the proceeds from attacks that seize control of an organization's data or software systems and use encryption to lock the owner out until payment is made.
In a dark web post discovered by Recorded Future researchers and seen by the Financial Times, the group also said it had lost control of much of its public infrastructure, including its dark web blog and the server that accepts ransom payments, and that its cryptocurrency funds had been seized.
Kimberly Goody, senior manager of financial crime analysis at FireEye's Mandiant Threat Intelligence division, said: "This post cites pressure from law enforcement and pressure from the United States for this decision."
It is not clear whether the disruption of the group's infrastructure was carried out by the authorities, or whether DarkSide is taking itself offline in order to resume business in the future under another guise, in a so-called "exit scam."
U.S. President Biden said he has "good reason" to believe that the DarkSide hackers are from Russia, but he does not think Moscow is directly responsible.
He said on Thursday: “We have communicated directly with Moscow, asking responsible countries to take decisive action against these ransomware networks.”
In a blog post last Friday, the blockchain analysis firm Elliptic said it had found that Colonial paid 75 bitcoins (approximately US$5 million) to a cryptocurrency wallet used by DarkSide on May 8.
Since it became active in early March, the wallet has received a total of $17.5 million in bitcoin, a large part of which was laundered through small cryptocurrency exchanges or sent to Hydra, an illegal online market that mainly serves Russia and neighboring countries.
Elliptic also confirmed that a $5 million ransom was emptied from DarkSide’s crypto wallet on Friday, although it did not indicate where the money had been transferred.
Colonial started the process of reopening the pipeline, the central artery for delivering motor fuel to the eastern United States, on Wednesday. On Thursday, it said it had restarted the entire system and started delivering products to all of its markets. It did not respond to a request for comment on the ransom.
The crisis has led to debate about whether victims should be banned from paying ransoms. White House Press Secretary Jen Psaki said on Thursday that the federal government continued to argue that paying ransom would only stimulate such extortion activities and urged companies to strengthen their defenses. The FBI advises against payment.
According to the cybersecurity firm Emsisoft, ransomware gangs received at least $18 billion in ransom payments in 2020, as hackers exploited the network vulnerabilities created by employees' shift to remote work. Emsisoft data shows that the average payment is about $150,000.
The authorities are facing increasing public pressure to hunt down and prosecute the attackers. Two people familiar with the matter said that last Saturday, a group of technology companies and US agencies, including the FBI, disrupted DarkSide by shutting down the US servers it used to store data before sending it on to Russia. The takedown and Colonial's ransom payment were first reported by Bloomberg.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said that further efforts to crack down on criminal ransomware gangs, known as "hacking," are being discussed.
"People are talking about hacking. It's getting attention again, and it's probably caused by the Colonial incident."