The group claimed that its servers were seized by a “country not named” and that funds from its “payment server” were withdrawn to an unknown address, according to a post to a Telegram forum republished by Krebs. The message implies that at least the server was taken down by law enforcement, and that hosting providers refused to provide further information.
The group said it would release decryption tools for victims that have not paid a ransom, according to the post.
The attack on the pipeline company drew unwanted attention to DarkSide, including from the Biden administration, especially after it led to panicked fuel buying and gasoline shortages in parts of the country. Colonial Pipeline said Thursday afternoon that it had restarted its entire pipeline system, one of the major sources of gasoline, jet fuel, and other petroleum fuels for the U.S. East Coast.
Of course, it’s difficult to verify DarkSide’s claims that its funds have disappeared or, since its membership isn’t publicly known, whether it will simply re-form under another, less prominent name. The group had built a ransomware-as-a-service business: hacker affiliates did the actual penetration of target networks, while DarkSide maintained the ransomware software, collected payments from victims, and hosted the stolen data, The Wall Street Journal reports.