A popular Russian-language criminal forum has claimed it will ban the sale of ransomware tools after the Colonial Pipeline attack. Ransomware was attracting too much “hype” and attention from outsiders, but ransomware operators frequently engage in self-serving public relations stunts.
DarkSide, which had a main hand in the attack, had ties with Russian-speaking scammers. Due to face retaliation from the US government
DarkSide is both the name of the ransomware and the hacker syndicate that develops the code and sells it to other groups. The website that DarkSide uses to shame victims into paying ransoms was offline.
The development pointed to newfound pressure that ransomware operators were feeling following the breach of the IT systems at Colonial Pipeline, the main artery for delivering fuel to the East Coast. The ransomware incident forced Colonial Pipeline to shut down for days. Though service is being gradually restored, the disruption led to concerns over gasoline-hoarding and price-gouging, and to emergency orders from federal agencies to alleviate any fuel shortages.
An underground forum post from DarkSide claimed that the group had lost access to some of its infrastructure, and that it was closing its “affiliate program,”
Other investigators were reluctant to draw any definitive conclusions from the underground chatter.