The DarkSide ransomware operation has reportedly shut down after its operators lost access to their servers and their cryptocurrency was transferred to an unknown wallet. The news was shared by a threat actor known as UNKN, the representative of the rival REvil ransomware gang, in a post on the Exploit hacking forum that was first discovered by Recorded Future researcher Dmitry Smilyanets.
In the post, UNKN shared a message allegedly written by the DarkSide gang, which explained how the operators lost access to their public data leak site, payment servers and CDN servers following law enforcement action.
The message posted on the forum by UNKN states the following: "From the first edition, we promised to speak honestly and openly about problems. A few hours ago, we lost access to our public infrastructure and specifically to: Blog, payment server, DOS servers. Now these servers are not available via SSH, hosting panels are blocked. Hosting support does not provide any information other than information 'at the request of law enforcement authorities.'"
This news comes a day after US President Joe Biden said in a White House press conference that countries that "host" ransomware networks must take action to shut them down. Speaking at a press conference about the cyberattack on Colonial Pipeline, Biden also said: "We do not believe - I emphasize - we do not believe that the Russian government was involved in this attack. But we have strong reasons to believe that the criminals who carried out the attack are living in Russia. We are in direct contact with Moscow about ordering responsible countries to take decisive action against these ransomware networks."
Investigators and security reporters note that DarkSide's data leak site has been inaccessible since 13 May, and it is believed that law enforcement seized the server.
However, according to BleepingComputer, the DarkSide Tor payment server is still working. If law enforcement seized the server, they may be keeping it running so that victims can still access their decryptors.
Source of information: bleepingcomputer.com