“Darkside,” the Russian computer hacking group who officials say caused the Colonial Pipeline shutdown, is going dark.
According to The Hill, security firms in the United States are reporting that the group lost its online access from law enforcement.
The cybersecurity organization Intel 471 told the Wall Street Journal that it had copied a blog post by Darkside, written in Russian, that said the site was closing after an unspecified law enforcement organization cut off its access to its server and confiscated its funds.
“In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck,” the blog post said. “The landing page, servers, and other resources will be taken down within 48 hours.”
The FBI fingered the Russian ransomware group as being responsible for shutting down the Colonial Pipeline, causing gasoline shortages throughout the southeast United States this week.
The pipeline runs from Texas to New Jersey and carries about half of the oil and gas used in that part of the country daily.
According to the company, the pipeline carries 100 million gallons of fuel each day and is the largest refined oil products in the nation.
The disruption in the pipeline caused many gasoline stations to run out of fuel, causing long lines in several states including Virginia and Georgia with the price of a gallon of gas going as high as $6.99, according to published reports.
Colonial officials said the pipeline, which had to be opened in small sections manually this week, was reopened on Thursday, and full service restored by the end of the weekend.
Darkside used what is known as a “ransomware” attack to shut down the major U.S. pipeline.
According to the McAfee computer security website, ransomware is defined as: “malware that employs encryption to hold a victim’s information at ransom. A user or organization’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyze an entire organization.”
According to The Hill’s report, it is not clear if Colonial paid a ransom to Darkside to reopen.
While the energy company denied making any payments, Bloomberg reported that it had paid out around $5 million “within hours” of the cyberattack.
Source: Newmax
