The operator of the ransomware group Darkside said on Friday it had lost control of its servers and some of the money it had made through ransom payments, Recorded Future threat intelligence analyst Dmitry Smilyanets reported.
"A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers," Darksupp, the operator of the Darkside ransomware, said in a post spotted by Smilyanets.
The operator of Darkside also said that cryptocurrency funds were withdrawn from their payment server, which was hosting ransom payments.
Darkside was behind the ransomware attack on the main pipeline carrying gasoline and diesel to the U.S. East Coast, Colonial Pipeline, which shut down late last week, disrupting gasoline and diesel deliveries to many states. This created panic buying and sent the national U.S. average gasoline price above $3 per gallon for the first time since 2014.
Colonial Pipeline has reportedly paid the ransom, to the tune of almost US$5 million in untraceable cryptocurrency, to the hackers that forced the operator to shut down the main U.S. fuel pipeline, Bloomberg reported on Thursday, citing two sources with knowledge of the transaction.
The ransomware group said it had lost access to servers just a day after U.S. President Joe Biden said that "We're also going to pursue a measure to disrupt their ability to operate," referring to the hackers of Colonial Pipeline's computer network. President Biden said there was no evidence that the Russian government was behind the attack, but the people involved in the ransomware attack "are living in Russia."
According to Recorded Future's Smilyanets, the announcement from Darkside could mean that the U.S. had taken steps to disrupt the cyber criminals' "ability to operate". But it could also be a smokescreen so that the hackers shut down the computer infrastructure and network and run away with the money, the so-called "exit scam," Smilyanets warns.