The ransomware group deemed responsible for the days-long shutdown of the Colonial Pipeline said it would cease operations. The group sent a message to hacking affiliates saying that it was shutting down after its web servers were seized and cryptocurrency was drained from its accounts. The group attributed the shutdown in part to pressure from unnamed law enforcement agencies. It also said it will release decryption tools for companies that have yet to pay the ransom.
"In view of the above and due to the pressure from the US, the affiliate program is closed. Stay safe and good luck," the group said in a message obtained by cybersecurity firm Intel 471. "The landing page, servers, and other resources will be taken down within 48 hours."
Colonial Pipeline did not publicly say whether it paid a ransom to regain access to its data. However, multiple outlets reported that company officials paid nearly $5 million in cryptocurrency to the hackers.
The pipeline shutdown triggered panic-buying in several states and prompted concerns about a potential fuel shortage due to the interruption to scheduled deliveries. Colonial Pipeline said on Wednesday evening that it had restored operations, though it warned that a return to full service would take time.
Intel 471 said DarkSide’s announcement and actions can likely be “tied directly to the reaction related to the high-profile ransomware attacks covered by the media this week.”
However, a strong caveat should be applied to these developments: it’s likely that these ransomware operators are trying to retreat from the spotlight more than suddenly discovering the error of their ways.
A number of the operators will most likely operate in their own close-knit groups, resurfacing under new names and updated ransomware variants.
While DarkSide says it is ceasing its operations, Toshiba was hit by a massive cyberattack by the same threat vector.