The internet blackmailers, who held parts of the IT systems of one of America's largest oil pipelines digitally hostage for almost a week and extorted the equivalent of around 4 million euros, appear to have lost control of their own network computers.

The loss apparently includes the computers they used for the actual attacks on their victims and for the subsequent payments, according to The Record and Krebs on Security, two usually well-informed online publications on IT security.

Stephan Finsterbusch

Editor in business.

In addition, the group that appeared in the pipeline hack under the name DarkSide has now apparently laid down its arms. According to its own account, it has taken its tools and instruments out of operation. All companies still affected by one of its encryption and extortion programs are to be provided with the decryption programs immediately. The operation of its own computers has also been discontinued; information will only be given "at the request of law enforcement authorities".

DarkSide has also effectively been banned by the operators of relevant trading and chat forums on digital platforms such as the Russian XSS.

The members, who operate under aliases, have not been seen since the end of last week.

Last year, around 30 hacker teams specializing in the development and use of ransomware came together under the umbrella of DarkSide.

At the beginning of May they landed their biggest coup to date with the pipeline hack.

Most severe attack on infrastructure to date

Shortly afterwards, American President Joe Biden announced that he would take steps against the attackers behind the pipeline hack. The American security authorities were urged to act quickly and harshly. According to Biden, the White House is in close contact with Moscow because of the most serious attack to date on the infrastructure of the United States. The Kremlin pledged its support. It is generally assumed that the hackers operate from Russia, or at least from Eastern Europe, and that Moscow knows more about them than it has previously admitted.

This pressure is leaving its mark. The well-connected analyst Dmitry Smilyanets of the online magazine The Record by Recorded Future assumes that the attack on the pipeline was the last straw for the hacker community. There is evidently growing displeasure in that community with the operators of extortion programs, who have attacked schools, utilities and, most recently in Ireland, medical services. That is life-threatening. DarkSide had "generated a critical mass of nonsense," wrote the XSS administrator online. That "has become dangerous and poisonous". The group was therefore thrown out of the forum.

DarkSide had previously stated on a website that it had no political agenda. All it wanted was to earn money, and for that it attacked the pipeline. One of the teams attacked the computers of the Colonial Pipeline Co. in early May. The hackers hijacked parts of the system and encrypted masses of files with a special program. In order to recover the data and resume the interrupted operation of the almost 9000 km long pipeline, the management, apparently in consultation with the country's security authorities, paid a ransom of 75 Bitcoin (4 million euros), according to the Bloomberg news agency; this has not yet been confirmed.