The Ransomware-as-a-Service (RaaS) business may never be the same. Many ransomware operators and the darknet cybercrime forums where they interact are claiming their infrastructure has been taken offline and their business is being blocked.
For the last few months ransomware gangs have been trying to take the heat off of their lucrative business enterprises. Some claimed that they would no longer attack hospitals. But many fear the response to the Colonial Pipeline attack may put them out of business.
The Babuk gang who hit the D.C. police authority claims it will hand over the ransomware’s source code to “another team,” which will develop it as a new brand. And they pledge to stay in business, running a name-and-shame blog. They also leaked the 250GB of data they stole from the police.
It seems that Babuk didn’t receive a ransom payment. And some security experts claimed the gangs’ source code was flawed anyway.
DarkSide posts
The DarkSide posts were in Russian. This is the English translation. Note that the second post disappeared within a few hours. But not before they were copied by law enforcement.
-
The Apology
DarkSide has indicated that it was caught by surprise by how disruptive its attack on Colonial Pipeline has been. They claim to be sorry for the unintended consequences of the ransomware attack.
