
Servers of Colonial Pipeline hacker Darkside taken down by unknown actors

  • Security firm Recorded Future said the ransomware gang admitted in a web post that it lost access to certain servers used for its payments
  • Darkside was behind the attack on Colonial Pipeline that forced the shutdown of its network shipping fuel across the eastern US

The Colonial Pipeline returned to operations following a cyberattack that disrupted fuel supply for the eastern US for days. Photo: Getty Images/AFP
Agence France-Presse
Servers for Darkside were taken down by unknown actors on Friday, a week after the cyber extortionist forced the shutdown of a large American oil pipeline in a ransomware scam, a US cybersecurity firm said.

Recorded Future, the security firm, said in a post that the allegedly Russia-based Darkside had admitted in a web post that it lost access to certain servers used for its web blog and for payments.

Accessed via TOR on the dark web, the Darkside site address showed a notice saying it could not be found.

Recorded Future threat intelligence analyst Dmitry Smilyanets said he found a Russian language comment on a ransomware website ostensibly from “Darksupp”, described as the operator of Darkside.

“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” Darksupp wrote.

“The Darkside operator also reported that cryptocurrency funds were also withdrawn from the gang’s payment server, which was hosting ransom payments made by victims,” said Recorded Future.
