In a recent development, a representative from a ransomware group known as REvil announced that the DarkSide ransomware group, who were responsible for the Colonial Pipeline shutdown, had lost access to all of their public resources resources.
The user known as “UNKN” stated that the group had lost access to the public part of their infrastructure, which included their blog, payment server and Denial-of-Service servers.
“UNKN” also stated that all the cryptocurrency funds that were in possession of the group were transferred to an unknown party.
When trying to visit the group’s dark web site, it greets you with a “Site not Found” error. The groups online payment and decrypting service is still accessible at the time of writing. If the groups infrastructure was seized by law enforcement, then its suspected that they are leaving the portal in order to allow the group’s victims to access decryption keys to unlock their files.
It is not known yet if these are from the actions of law enforcement yet. A running theory is that because the group’s actions and all the attention of law enforcement they have received, the group is pulling an exit scam.
After raking in close to $9.4 million in ransomware payments from Colonial Pipeline and a German chemical distribution company, its suspected that the group is just taking the money and running.
Until there is a confirmation from law enforcement, it will remain unknown what happened to the group but it does seem that DarkSide’s days are over.