FOLLOW US

DarkSide, the Columbia Pipeline hackers, initially posted an apology for the problems their attack had caused. And by Thursday they were sending another message to the partners in their ransomware gang. They claim they will immediately close their operations. Because the U.S. government is trying to retaliate against them. 

According to the security firm Intel471, DarkSide post says “In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck.”

Big Response to the ransomware attack

The DarkSide ransomware attack took down the Colonial Pipeline. As a direct result of the hacking, the pipeline firm had to shut down all systems. Within days debilitating fuel shortages hit the East Coast. And the White House, the FBI, and the Ransomware Task Force were meeting.

The FBI had just confirmed on Monday that DarkSide was responsible for the ransomware attack on Colonial Pipeline. And by Friday some of the biggest ransomware gangs were running for cover. Things were moving fast.

The Ransomware-as-a-Service (RaaS) business may never be the same. Many ransomware operators and the darknet cybercrime forums where they interact are claiming their infrastructure has been taken offline and their business is being blocked.

For the last few months ransomware gangs have been trying to take the heat off of their lucrative business enterprises. Some claimed that they would no longer attack hospitals. But many fear the response to the Colonial Pipeline attack may put them out of business.

The Babuk gang who hit the D.C. police authority claims it will hand over the ransomware’s source code to "another team," which will develop it as a new brand. And they pledge to stay in business, running a name-and-shame blog. They also leaked the 250GB of data they stole from the police.

It seems that Babuk didn’t receive a ransom payment. And some security experts claimed the gangs’ source code was flawed anyway.

DarkSide posts

The DarkSide posts were in Russian. This is the English translation. Note that the second post disappeared within a few hours. But not before they were copied by law enforcement.

• The Apology

DarkSide has indicated that it was caught by surprise by how disruptive its attack on Colonial Pipeline has been. They claim to be sorry for the unintended consequences of the ransomware attack.

“ We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined [government] and look for other our motives,” the statement said. “Our goal is to make money, and not creating problems for society.”

• The Goodbye Post 

“Starting from version one, we promised to speak about problems honestly and openly. A couple of hours ago, we lost access to the public part of our infrastructure, in particular to the