DarkSide Group Hit by Server Shutdowns

DarkSide is the threat actor that runs the DarkSide ransomware-as-a-service operation. DarkSide is responsible for the two major ransomware attacks that took place just last week. One targeted US fuel supplier Colonial Pipeline and resulted in a $5 million ransom payout. The other was aimed at the European branches of Toshiba corporation. In the wake of those successful attacks, DarkSide announced that it has now lost access to a sizable portion of its servers.

The DarkSide group, faithful to its promise to remain transparent on its website and to inform its potential criminal customers about the state of affairs, announced that it no longer had access to the servers responsible for its blog, its payment processing, and its DoS infrastructure. The announcement was made on a dark web forum, and it appears that DarkSide's hardware has been seized.

Naturally, the threat actor did not mention in which country the seized servers were located or which country's authorities were responsible for the takedown. The same announcement stated that the money from affiliate jobs, along with DarkSide's cut of it, has all been moved to an "unknown account".

This is big news, considering the major ransomware attacks the group pulled off in a very short span of time. DarkSide had previously claimed to have already attacked a handful of other victims, with Toshiba probably being one of them. It remains to be seen whether the remainder of those attacks will come to fruition.

The DarkSide server takedown had a ripple effect on the broader underground hacker community. Threatpost reports that a number of underground hacker forums took immediate action and deleted any and all posts and topics related to ransomware.

Security researchers also discovered that REvil, another threat actor that runs a ransomware-as-a-service operation, imposed a number of new restrictions on its future ransomware licensees. REvil will not be performing "pre-moderation" of its partners. The threat group also explicitly stated that it will stop any attempts to have its ransomware used by third parties on any governmental, public, health or educational entities.

This is partly in line with DarkSide's own policy, as DarkSide has a strange code of conduct, having vowed never to attack healthcare or educational institutions.

Another ransomware gang, the one operating the Avaddon ransomware, also issued notices that all licensees who want to make use of the group's ransomware toolkit must first coordinate their targets with the group's top brass.

ZDNet reported that a large Russian-language cybercriminal forum has removed all DarkSide posts from its pages and has banned any further discussion of, and posts about, the DarkSide group. There is no hard information on what exactly happened to DarkSide's servers, but it appears that the takedown sent a message to other ransomware groups and hackers across the world.

May 17, 2021