According to cybersecurity investigators, the cybercriminal cartel behind the ransomware attack on a U.S. oil pipeline that caused gas shortages for motorists this week has said it is ceasing operations.
The news comes after Colonial Pipeline Company made a ransom payment to hackers worth nearly $5 million while working to restart its 5,500-mile network, people familiar with the matter said.
DarkSide, the allegedly Russia-based group that the FBI said was responsible for the attack, has told its affiliates that it is shutting down its services, said FireEye, a cybersecurity group designated to investigate the incident.
So far, DarkSide has maintained the ransomware itself, but has also leased it to others through an affiliate program, taking a share of the revenue from attacks that seize control of an organization’s data or software systems and lock out the owners with encryption until payments are made.
In a post on the dark web, found by Recorded Future researchers and viewed by the Financial Times, the group also said it had lost control of much of its public infrastructure, including its blog and the server it uses to accept ransom payments, and that its cryptocurrency funds had been confiscated.
“The message cited law enforcement pressure and U.S. pressure for that decision,” said Kimberly Goody, chief financial crime analysis manager for FireEye’s Threat Intelligence arm.
It is unclear whether the disruption of the group’s infrastructure was directed by the authorities, or whether DarkSide went offline with the aim of resuming operations later in another form, a move known as an “exit scam”.
US President Joe Biden said he has a “strong reason” to believe that DarkSide hackers were based in Russia, but that he did not believe Moscow was directly responsible.
“We have been in direct communication with Moscow about the imperative that responsible countries take decisive action against these ransomware networks,” he said on Thursday.
Colonial made a ransom payment to hackers using cryptocurrency, according to two people familiar with the matter. “It was a certain number of bitcoin that totaled a hair less than $5 million,” one of the people said.
Colonial began the process of bringing the pipeline, a central artery for supplying fuel to the eastern U.S., back online on Wednesday. On Thursday it said it had restarted the entire system and had started delivering products to all its markets. It did not respond to a request for comment on the ransom payment.
The crisis has revived the debate over whether there should be a general ban on victims paying ransoms. White House press secretary Jen Psaki said Thursday that the federal government continued to argue that paying ransoms only encouraged such blackmail activities and urged companies to tighten their defenses. The FBI advises against payments.
According to cybersecurity group Emsisoft, ransomware gangs earned at least $18 billion in ransoms in 2020, as hackers took advantage of employees moving to remote work and the resulting cyber vulnerabilities. The average payment is about $150,000, according to Emsisoft data.
Authorities are facing growing public pressure to hunt down and prosecute attackers. Last Saturday, a group of technology companies, as well as U.S. agencies such as the FBI, disrupted DarkSide by shutting down U.S.-based servers the group used to store data before sending it to Russia, according to two people familiar with the situation. Bloomberg first reported the takedown and Colonial’s ransom payment.
James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, said there was discussion about whether to go further and hack criminal ransomware gangs, a practice known as “hacking back.”
“People are talking about hacking: get back on the radar and it’s probably caused by the Colonial incident.”