The hacking group DarkSide behind the cyberattack on the major U.S. fuel provider Colonial Pipeline is said to be shutting down, according to cybersecurity professionals.
The risk intelligence firm Flashpoint said Friday that DarkSide was closing, and the cybersecurity firm FireEye said DarkSide has told hacking associates it is shuttering as well, according to the Wall Street Journal.
Flashpoint said it observed a Russian-language statement from DarkSide on Thursday evening explaining setbacks it was experiencing prior to its closure.
“A few hours ago, we lost access to the public part of our infrastructure, namely: Blog. Payment server. DOS servers,” read a post from DarkSide observed and translated by Flashpoint. “Now these servers are unavailable via SSH, the hosting panels are blocked.”
Cyberattackers used ransomware against Colonial Pipeline. Ransomware is malicious software that restricts access to data and systems until victims pay the cyberattackers to restore their access. DarkSide used a ransomware-as-a-service model in which developers received a cut of the payments collected by affiliates that used the ransomware against various victims.
Ahead of DarkSide's shutdown, the Russian-language hacking forum “XSS” announced on Thursday that ransomware activities were outlawed on its platform, which had previously been a venue for ransomware gangs to recruit partners, according to Flashpoint.
All of DarkSide’s posts on the forum were removed as of Friday morning, per Flashpoint.
DarkSide told affiliates that pressure from law enforcement contributed to its decision to close up, according to the Journal.
DarkSide’s closure does not necessarily mean the demise of the cyberattackers affiliated with the group, as they may continue to operate as part of other ransomware gangs or form new groups.