The servers of Darkside, the hacker group behind the cyberattack targeting U.S. oil pipeline operator Colonial Pipeline last week, have been taken out of service, cybersecurity firm Recorded Future said on Friday.
The hacker admitted that Darkside ransomware lost access to several of the servers the group uses to host its blog or receive payments.
Accessible via the TOR browser on the dark web, the underground version of the internet, the Darkside site was inaccessible on Friday morning.
Earlier in the day, Toshiba TFIS, a French subsidiary of the Japanese technology group Toshiba specializing in particular in printers, admitted on Friday that it had "suffered, on the night of May 4, an act of hacking by Darkside ransomware which had already attacked numerous companies of all sizes".
"No data leakage"
The Japanese group had said in a separate statement that the damage was contained in part of Europe and that the hackers had not had access to customer data. According to Toshiba TFIS, "data untouched by viruses could be recovered and the amount of work lost was very minimal." The subsidiary also maintains that it has detected "no data leak", while screenshots of a Darkside claim announcing a leak of 740 gigabytes of data are circulating on social networks.
"The hacked account was blocked within 10 hours of the attack," the company explains.
"It therefore seems unlikely to us that such a large amount of data could have been extracted in this period of time."
"The claim is very credible," said Valéry Marchive, editor-in-chief of LeMagIT magazine, specializing in cybersecurity.
But according to this expert, "the Darkside site is no longer accessible now" on the darknet, this anonymous part of the Web.
Suspected of being linked to Russia
DarkSide appeared publicly in August 2020 and specializes in ransomware attacks against businesses, a process that involves exploiting security holes to encrypt and block computer systems, demanding a ransom to unblock them.
The criminal group is behind the hack of Colonial Pipeline, the largest pipeline in the United States for refined products, which restarted its entire system Thursday evening after being paralyzed over the weekend, according to the US federal police.
The group, suspected by some experts to be linked to Russia, offers a ransom platform to "affiliated" hackers, with these hackers and the group then sharing the ransom.