The DarkSide hacking group behind the cyber attack on the main US fuel supplier Colonial Pipeline has reportedly shut down, according to cybersecurity professionals.
Risk intelligence firm Flashpoint said on Friday that DarkSide was shutting down, and cybersecurity firm FireEye said DarkSide has told hacking partners that it is shutting down as well, according to the Wall Street Journal.
Flashpoint said it observed a statement in Russian from DarkSide on Thursday night explaining the setbacks it was experiencing prior to its shutdown.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” reads a DarkSide post observed and translated by Flashpoint. “Now these servers are not available via SSH, the hosting panels are blocked.”
The attackers used ransomware against Colonial Pipeline: malicious software that restricts access to data and systems until victims pay the attackers to restore their access. DarkSide used a ransomware-as-a-service model in which the developers received a portion of the payment collected by their affiliates, who used the ransomware against multiple victims.
Before DarkSide's closure, the Russian-language hacking forum “XSS” announced Thursday that ransomware activities were prohibited on its platform, which had previously been a place for ransomware gangs to recruit partners, according to Flashpoint.
All DarkSide forum posts were removed as of Friday morning, according to Flashpoint.
DarkSide told affiliates that pressure from law enforcement contributed to its decision to shut down, according to the Journal.
The closure of DarkSide does not necessarily mean the end of cyberattacks by those affiliated with the group, as they may continue to operate as part of other ransomware gangs or form new groups.