BLOG: Colonial Pipeline Operations ‘Back to Normal’ As DarkSide Shuts Down
Colonial Pipeline, at the centre of last week's ransomware incident, has restored all of its systems to normal operation. DarkSide, the cybercrime group behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All of the dark web sites operated by DarkSide are now unreachable. In addition, the funds in the group's cryptocurrency wallets were allegedly transferred to an unknown account, according to a note passed by DarkSide operators to their affiliates.
DarkSide officially shut down its Ransomware-as-a-Service (RaaS) affiliate program, allegedly “due to the pressure from the U.S.”. The group stated it would issue decryptors to all of its affiliates for the companies that were attacked, and guaranteed compensation for all outstanding financial obligations by May 23rd.
Elliptic, a blockchain analytics company, alleged that the bitcoin wallet used by DarkSide received a payment of 75 BTC (£2.8 million/$3.2 million) from Colonial Pipeline on May 8th; the wallet was then emptied of $5 million in bitcoin on May 13th. DarkSide’s bitcoin wallet has been active since March 4th and has received 57 payments totalling up to $17.5 million from 21 different wallets. There has been speculation that DarkSide did not keep most of the Colonial Pipeline ransom, because the US government seized the bitcoins: most of the money was moved out of DarkSide’s wallet on May 9th. DarkSide’s overall profit has been estimated at no less than $60 million since it first surfaced in the threat landscape in August 2020.
source: thehackernews
Elliptic traced the outflows from DarkSide’s wallet and found that 18% of the bitcoin was sent to a small group of exchanges, with a further 4% sent to Hydra, the world’s largest darknet bazaar, which serves customers in Russia and Eastern Europe. DarkSide’s operational setbacks, together with the intensified scrutiny that followed the Colonial Pipeline ransomware attack, have led cybercrime forums to ban RaaS operations. REvil has since introduced new controls that disallow use of its software against government, healthcare and educational bodies in any country.
As we discussed previously, ransomware will continue to be a relentless threat for the foreseeable future given its popularity among cybercriminal communities. After the closure of DarkSide, the ransomware landscape is dominated by four major collectives: REvil, LockBit, Avaddon and Conti. In light of the XSS and Exploit forums' refusal to host RaaS operations on their platforms, ransomware collectives are expected to go private and advertise recruitment of new affiliates via their leak sites.
Orpheus is a leading cyber security company that offers predictive and actionable intelligence to clients, enabling them to anticipate, prepare for, and respond to cyber threats. Our threat intelligence is used to create threat-led cyber risk ratings, providing a more accurate assessment of risk than just analysing an organisation’s attack surface. Products include; External attack surface management, risk-based vulnerability management, third-party supply chain risk management and cyber threat intelligence. Cyber security jobs and careers.